113 matches found
CVE-2025-11725
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings,...
CVE-2025-12367
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
CVE-2025-12367 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
Linux Distros Unpatched Vulnerability : CVE-2024-45397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets ...
PT-2025-23119 · M2Soft · M2Soft Crownix Report & Ers
Name of the Vulnerable Software and Affected Versions: M2Soft CROWNIX Report & ERS versions 5.x through 5.5.14.1070; M2Soft CROWNIX Report & ERS versions 7.x through 7.4.3.960; M2Soft CROWNIX Report & ERS versions 8.x through 8.2.0.345. Description: An arbitrary file upload issue allows attackers to...
PT-2025-3845 · WordPress · Divi Carousel Maker
Name of the Vulnerable Software and Affected Versions: Divi Carousel Maker plugin for WordPress versions up to, and including, 2.0.4 Description: The Divi Carousel Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all...
PT-2025-4977 · Unknown · Andrea Brandi Twitter Shortcode
Name of the Vulnerable Software and Affected Versions: Andrea Brandi Twitter Shortcode versions 0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions o...
PT-2024-35902 · Advance · Advanced
Name of the Vulnerable Software and Affected Versions: Advanced What should we write next about versions n/a through 1.0.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions o...
PT-2024-34791 · Unknown · Chaser324 Featured Posts Scroll
Name of the Vulnerable Software and Affected Versions: Chaser324 Featured Posts Scroll versions 1.25 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-33584 · WordPress · Endless Posts Navigation
Name of the Vulnerable Software and Affected Versions: Endless Posts Navigation versions n/a through 2.2.7 Description: A Cross-Site Request Forgery (CSRF) issue in Endless Posts Navigation allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...
PT-2024-2055 · Ibm · Ibm Engineering Requirements Management Doors
Name of the Vulnerable Software and Affected Versions: IBM Engineering Requirements Management DOORS version 9.7.2.7 Description: The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit...
PT-2023-26650 · Unknown · Gugoan Economizzer
Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1 Description: The issue concerns a user enumeration vulnerability in the login and forgot password functionalities. The application reacts differently when a user or email address is valid, and when it's no...
rConfig <= 3.x Multiple Vulnerabilities
rConfig is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rconfig:rconfig"; if description...
PT-2022-20427 · Jenkins · Jenkins Autocomplete Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin references certain parameter names in an unsafe manner from...
Mahara <= 20.10 CSRF Vulnerability
Mahara is prone to a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a...
FTPDMIN <= 0.96 Multiple DoS Vulnerabilities
FTPDMIN is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2019-20608
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019)...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019)...
Improper Access Control Vulnerability in RICOH printers
Overview: Multiple RICOH printers contain Improper Access Control (CWE-284). RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact: A user who c...