3782 matches found
Drupal Features Module <= 0.0.2 is vulnerable to Broken Access Control
Software Features Type Module Vulnerable versions = 0.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-12582 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2b7c0646055d Credits Nabil Irawan - Heroes Cyber Security...
PT-2025-45065
Name of the Vulnerable Software and Affected Versions Features plugin for WordPress versions up to and including 0.0.2 Description The Features plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the features revert option API...
WordPress plugin Premium Portfolio Features for Phlox 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-45104
Name of the Vulnerable Software and Affected Versions Premium Portfolio Features for Phlox theme plugin for WordPress versions prior to 2.3.11 Description The Premium Portfolio Features for Phlox theme plugin for WordPress is susceptible to Local File Inclusion in versions prior to 2.3.11. This...
CVE-2025-64294
Missing Authorization vulnerability in d3wp WP Snow Effect wp-snow-effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through = 1.1.19...
EUVD-2025-37412
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
CVE-2025-12367
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
CVE-2025-12367 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...
[SECURITY] Fedora 42 Update: vgrep-2.8.0-4.fc42
vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...
ixgbevf: fix mailbox API compatibility by negotiating supported features
...
You asked, we delivered: Introducing new features for an improved security experience
At the Microsoft Security Response Center MSRC, your feedback drives our innovation. Every enhancement we deliver starts with listening to the security community and our customers. Based on your input, we’ve introduced three new features designed to make your experience more efficient, transparen...
CVE-2025-40104 ixgbevf: fix mailbox API compatibility by negotiating supported features
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...
CVE-2025-40104
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...
CVE-2025-40104 ixgbevf: fix mailbox API compatibility by negotiating supported features
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...
CVE-2025-64211
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
[SECURITY] Fedora 42 Update: qt6-qtspeech-6.9.3-1.fc42
The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. The most common use case where text-to-speech comes in handy is when the end-user is drivin...
PT-2025-44379
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0dj Description The Linux kernel contains a flaw in the cxl/features component. Specifically, the cxl feature info function may be called with a NULL pointer when hardware does not support features,...
Malicious Package
Overview no-unsupported-browser-features is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
EUVD-2025-36864
Malicious code in no-unsupported-browser-features npm...
MAL-2025-49027 Malicious code in no-unsupported-browser-features (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e421e834a041473c40faa9f19e564697a54e65c126010d4916e2927c757c4e78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...