WordPress WoodMart Theme <= 8.2.5 is vulnerable to Broken Access Control
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.5; Fixed in: 8.2.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2025-6745; Patch priority: Low; CVSS severity: Low 5.3; Developer: Xtemos; PSID: db887fae132e; Credits: stealthcopter; Required...
Number withdrawn
ring is a library by Brian Smith, an individual developer. This CVE number has been withdrawn...
WordPress Support Board plugin <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key vulnerability
Unauthenticated Authorization Bypass due to Use of Default Secret Key vulnerability discovered by Foxyyy in WordPress Plugin Support Board versions <= 3.8.0...
CVE-2025-49756
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally...
CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability
...
CVE-2025-49756
CVE-2025-49756 affects Microsoft Office Developer Platform. The description states that use of a broken or risky cryptographic algorithm allows an authorized attacker to bypass a security feature locally. Connected PT-2025-28630 references affected platform and notes no explicit fix version informati...
Office Developer Platform Security Feature Bypass Vulnerability
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally...
WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Plugin Premium SEO Pack versions <= 3.3.2...
PT-2025-28630
Name of the Vulnerable Software and Affected Versions: Office Developer Platform (affected versions not specified). Description: The issue concerns the use of a broken or risky cryptographic algorithm in the Office Developer Platform, which allows an authorized attacker to bypass a local security...
KLA85526 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure...
Pixel Update Bulletin—July 2025
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2025-07-05 or later address all issues in this bulletin and all issues in the July 2025 Android Securit...
WordPress WoodMart Theme <= 8.2.3 is vulnerable to Local File Inclusion
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.3; Fixed in: 8.2.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2025-6746; Patch priority: Low; CVSS severity: Low 7.5; Developer: Xtemos; PSID: fa6d0144ad7f; Credits: stealthcopter; Required privilege: Contributor; Published: 7 Jul...
SUSE CVE-2025-25207
The Authorino service in Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...
SUSE CVE-2025-25208
A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...
WordPress All In One Slider Responsive plugin <= 3.7.9 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin All In One Slider Responsive versions <= 3.7.9...
WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions <= 2.5.12...
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability,...
WordPress Ultra Addons for Contact Form 7 plugin <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Ultimate Addons for Contact Form 7 versions <= 3.5.21...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.2 release.
Red Hat Developer Hub 1.6.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...