PT-2025-40054
Name of the Vulnerable Software and Affected Versions: Framelink Figma MCP Server versions prior to 0.6.3; Figma-developer-mcp versions prior to 0.6.3. Description: A command injection flaw exists in the Framelink Figma MCP Server, allowing an unauthenticated remote attacker to execute arbitrary...
CourseSelectionSystem SQL Injection Vulnerability
CourseSelectionSystem is a simple online course selection system by the individual developer kidaze. CourseSelectionSystem suffers from a SQL injection vulnerability, which stems from an incorrect manipulation of the parameter cbranch in the file /Profilers/PriProfile/COUNT3s4.php, which could...
CVE-2025-10949
CVE-2025-10949 affects Changsha Developer Technology iView Editor
PT-2025-39392
Name of the Vulnerable Software and Affected Versions: Changsha Developer Technology iView Editor versions up to 1.1.1. Description: A flaw exists in the Markdown Handler component of the software that allows for cross site scripting. The issue is remotely exploitable and details of the exploit are...
CVE-2025-58231
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS. This issue affects Bitly: from n/a through <= 2.8.0...
CVE-2025-57924
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...
WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Developer versions <= 1.2.6...
CVE-2025-57924 WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...
CVE-2025-57924
CVE-2025-57924 is a CSRF vulnerability in the Automattic Developer WordPress plugin, affecting versions up to 1.2.6. The provided data include CVSS 3.1 metrics (3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N with base score 4.3). No exploit details or remediation are provided in the documents.
CVE-2025-57924
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through <= 1.2.6...
PT-2025-38896
Name of the Vulnerable Software and Affected Versions: Bitly versions through 2.7.4. Description: A flaw exists in Bitly that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an...
WordPress plugin Automattic Developer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
PT-2025-38775
Name of the Vulnerable Software and Affected Versions: Automattic Developer versions n/a through 1.2.6. Description: A Cross-Site Request Forgery (CSRF) issue exists in Automattic Developer. This allows attackers to perform actions on behalf of an authenticated user without their knowledge...
PPress Security Vulnerability
PPress is a Python-based blogging CMS system by the individual developer yandaozi. A security vulnerability exists in PPress version 0.0.9, which stems from hard-coded credentials included in the default configuration...
CVE-2025-10050 Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
WordPress plugin Developer Loggers for Simple History Path Traversal Vulnerability
WordPress Developer Loggers for Simple History plugin is a logging plugin designed for developers, mainly used to record operational changes in the process of website development or maintenance, to help track issues and optimize site functionality. A file inclusion vulnerability exists in the...
Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)
Summary: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP) in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details: CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...
CVE-2023-53325
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer(). Change logging from drm_{err,info}() to dev_{err,info}() in functions mtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(): this will be essential to avoid getting NULL pointer kernel panics ...