
7341 matches found

CVE
added 2025/09/22 6:25 p.m. | 7 views

CVE-2025-57924

CVE-2025-57924 is a CSRF vulnerability in the Automattic Developer WordPress plugin, affecting versions up to 1.2.6. The provided data include CVSS 3.1 metrics (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, base score 4.3). No exploit details or remediation are provided in the documents.

CVSS 4.3 | AI score 5.1 | EPSS 0.00016
Exploits 0 | References 1
Vulnrichment
added 2025/09/22 6:25 p.m. | 1 view

CVE-2025-57924 WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...

CVSS 4.3 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 1
CNNVD
added 2025/09/22 12:00 a.m. | 2 views

WordPress plugin Automattic Developer cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 1
Positive Technologies
added 2025/09/22 12:00 a.m. | 2 views

PT-2025-38775

Name of the Vulnerable Software and Affected Versions: Automattic Developer versions n/a through 1.2.6. Description: A Cross-Site Request Forgery (CSRF) issue exists in Automattic Developer. This allows attackers to perform actions on behalf of an authenticated user without their knowledge...

CVSS 4.3 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 3
Positive Technologies
added 2025/09/22 12:00 a.m. | 2 views

PT-2025-38896

Name of the Vulnerable Software and Affected Versions: Bitly versions through 2.7.4. Description: A flaw exists in Bitly that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an...

CVSS 6.5 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 3
CNNVD
added 2025/09/21 12:00 a.m. | 2 views

PPress security vulnerability

PPress is a Python-based blogging CMS system by the individual developer yandaozi. A security vulnerability exists in PPress version 0.0.9, which stems from hard-coded credentials included in the default configuration...

CVSS 8.8 | AI score 6.6 | EPSS 0.00104
Exploits 3 | References 1
Cvelist
added 2025/09/17 1:49 a.m. | 6 views

CVE-2025-10050 Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion

The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVSS 6.6 | EPSS 0.00148
Exploits 0 | References 2
CNNVD
added 2025/09/17 12:00 a.m. | 1 view

WordPress plugin Developer Loggers for Simple History path traversal vulnerability

WordPress Developer Loggers for Simple History plugin is a logging plugin designed for developers, mainly used to record operational changes in the process of website development or maintenance, to help track issues and optimize site functionality. A file inclusion vulnerability exists in the...

CVSS 6.6 | AI score 7.4 | EPSS 0.00148
Exploits 0 | References 2
IBM Security Bulletins
added 2025/09/16 7:29 p.m. | 6 views

Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)

Summary: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP) in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

CVSS 9.4 | AI score 6.7 | EPSS 0.01319
Exploits 1 | Affected Software 1
RedhatCVE
added 2025/09/16 5:54 p.m. | 3 views

CVE-2023-53325

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer(). Change logging from drm_{err,info}() to dev_{err,info}() in functions mtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(): this will be essential to avoid getting NULL pointer kernel panics ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits 0 | References 4
The Hacker News
added 2025/09/16 11:00 a.m. | 4 views

Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. Recent studies show 80%...

AI score 7
Exploits 0
OSV
added 2025/09/16 9:08 a.m. | 2 views

BIT-GITLAB-2025-7337 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

CVSS 6.5 | AI score 6.6 | EPSS 0.00103
Exploits 0 | References 4
CNNVD
added 2025/09/15 12:00 a.m. | 2 views

color security vulnerability

color is a JavaScript manipulation library by the individual developer Josh Junon. A security vulnerability exists in color version 5.0.1 that stems from a phishing attack resulting in an account takeover, where malware may redirect cryptocurrency transactions in the browser environment...

CVSS 8.8 | AI score 6.4 | EPSS 0.00138
Exploits 0 | References 5
Vulnrichment
added 2025/09/14 12:43 p.m. | 1 view

CVE-2025-10204 Unauth Admin Reset Password on AC Smart II

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...

CVSS 7.1 | AI score 6.7 | EPSS 0.02446
Exploits 0 | References 1
CVE
added 2025/09/14 12:43 p.m. | 11 views

CVE-2025-10204

AC Smart II contains an authentication bypass vulnerability (CVE-2025-10204) due to a hidden admin password-reset form that can be manipulated via browser developer tools to display and use the form. The form allows changing the administrator password without verifying login status or permissions...

CVSS 7.1 | AI score 6.7 | EPSS 0.02446
In wild | Exploits 0 | References 1
Positive Technologies
added 2025/09/14 12:00 a.m. | 2 views

PT-2025-37410

Name of the Vulnerable Software and Affected Versions: AC Smart II, affected versions not specified. Description: A vulnerability exists in AC Smart II that allows unauthorized password changes. A hidden form for resetting the administrator password is present on a page, which can be manipulated usin...

CVSS 7.1 | AI score 6.5 | EPSS 0.02446
Exploits 0 | References 6
RedhatCVE
added 2025/09/12 4:32 p.m. | 5 views

CVE-2025-8681

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role...

CVSS 5.5 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 1
NVD
added 2025/09/12 6:15 a.m. | 2 views

CVE-2025-7337

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

CVSS 6.5 | EPSS 0.00103
Exploits 0 | References 3
CVE
added 2025/09/12 6:05 a.m. | 12 views

CVE-2025-7337

GitLab CE/EE is affected in versions 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2. An authenticated user with Developer-level access could upload large files, enabling a persistent denial-of-service for all users on the instance. Root cause: the issue stems from insufficient vali...

CVSS 6.5 | AI score 6.2 | EPSS 0.00103
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/09/12 6:05 a.m. | 1 view

CVE-2025-7337 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

CVSS 6.5 | AI score 6.2 | EPSS 0.00103
Exploits 0 | References 6