13 matches found
GHSA-R945-H4VM-H736 Grav API Privilege Escalation to Super Admin
Summary: An insecure direct object reference (IDOR) and logic flaw in the Grav API plugin's UsersController::update allows any authenticated user with basic API access (api.access) to modify their own permission configuration. An attacker can exploit this to escalate their privileges to Super Administrator...
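The pattern described above, as an added example in PHP that is not code from the Grav API plugin: a self-service account update handler that accepts the caller's whole request body (mass assignment) next to a version that enforces both the object-level check (you may only edit your own record) and a field allow-list that keeps permission-bearing keys out of reach of non-admins. The record layout, the keys 'access', 'api.access' and 'admin.super', and the demo data are assumptions made for this illustration.

```php
<?php
// Added illustration, not code from the Grav API plugin. The account record
// and its 'access' permission map are modelled as plain arrays; the key names
// 'api.access' and 'admin.super' are assumptions for this example.

function update_user_vulnerable(array $caller, array $target, array $payload): array
{
    // Authentication only: anyone holding api.access gets through.
    if (empty($caller['access']['api.access'])) {
        throw new RuntimeException('forbidden');
    }
    // Mass assignment: every submitted key, including the permission block
    // under 'access', is written straight into the stored record.
    foreach ($payload as $key => $value) {
        $target[$key] = $value;
    }
    return $target;
}

function update_user_hardened(array $caller, array $target, array $payload): array
{
    if (empty($caller['access']['api.access'])) {
        throw new RuntimeException('forbidden');
    }
    $isAdmin = !empty($caller['access']['admin.super']);

    // Object-level check: a non-admin may only touch their own record.
    if (!$isAdmin && $caller['username'] !== $target['username']) {
        throw new RuntimeException('forbidden: not your account');
    }

    // Allow-list of self-editable fields. Keys that carry authority are never
    // taken from the request body unless the caller is already an admin.
    $selfEditable = ['fullname', 'email', 'language'];
    $privileged   = ['access', 'groups', 'state'];

    foreach ($payload as $key => $value) {
        if (in_array($key, $privileged, true) && !$isAdmin) {
            // Reject loudly rather than silently dropping, so the attempt is visible in logs.
            throw new RuntimeException("forbidden: '$key' is not self-editable");
        }
        if (!$isAdmin && !in_array($key, $selfEditable, true)) {
            continue; // unknown keys are ignored rather than persisted
        }
        $target[$key] = $value;
    }
    return $target;
}

// Constructed demo: alice holds only api.access and submits a payload that
// also smuggles admin.super inside the 'access' block.
$alice   = ['username' => 'alice', 'fullname' => 'A.', 'access' => ['api.access' => true]];
$payload = ['fullname' => 'Alice', 'access' => ['api.access' => true, 'admin.super' => true]];

$after = update_user_vulnerable($alice, $alice, $payload);
var_dump(!empty($after['access']['admin.super']));   // the escalated permission is now stored

try {
    update_user_hardened($alice, $alice, $payload);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";                       // the privileged key is refused
}
```

The two checks are independent: the ownership test alone would still let alice grant herself admin.super on her own record, and the allow-list alone would still let her edit someone else's display name. Both are needed, and the allow-list should be defined server-side rather than derived from whatever keys the client sends.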
CVE-2025-12937
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
WordPress ACF Flexible Layouts Manager plugin <= 1.1.6 - Missing Authorization to Unauthenticated Custom Field Update vulnerability
Missing Authorization to Unauthenticated Custom Field Update vulnerability discovered by Ahmad Salem (a7mad.cc) in WordPress Plugin ACF Flexible Layouts Manager versions <= 1.1.6...
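An added PHP example of the missing-capability-check class described in the two entries above; it is not the ACF Flexible Layouts Manager plugin's code, and the action name 'acfflm_update_template', the option name 'acfflm_templates' and the nonce action are hypothetical. It shows an AJAX handler that is reachable without login and performs no authorization, beside the hardened form that drops the nopriv hook, verifies a nonce and requires a capability before writing.

```php
<?php
// Added illustration, not the plugin's own code. Action, option and nonce
// names are hypothetical. Both variants are shown in one file only for
// comparison; a real plugin would register exactly one of them.

// BEFORE: registered for logged-out callers as well, and the callback never
// checks who is calling or whether the request was forged, so anyone who can
// reach admin-ajax.php can overwrite the stored template.
add_action('wp_ajax_acfflm_update_template', 'acfflm_update_template_vulnerable');
add_action('wp_ajax_nopriv_acfflm_update_template', 'acfflm_update_template_vulnerable');

function acfflm_update_template_vulnerable() {
    $layout = isset($_POST['layout']) ? wp_unslash($_POST['layout']) : '';
    update_option('acfflm_templates', $layout);
    wp_send_json_success();
}

// AFTER: authenticated hook only, CSRF nonce verified, and the caller must
// hold a capability appropriate for editing field configuration.
add_action('wp_ajax_acfflm_update_template', 'acfflm_update_template_hardened');

function acfflm_update_template_hardened() {
    // check_ajax_referer() terminates the request with HTTP 403 when the
    // nonce is missing or invalid, so nothing below runs on a forged request.
    check_ajax_referer('acfflm_update_template', 'nonce');

    // Authorization: the nonce proves intent, not privilege; this does.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('insufficient permissions', 403);
    }

    $layout = isset($_POST['layout'])
        ? sanitize_textarea_field(wp_unslash($_POST['layout']))
        : '';
    update_option('acfflm_templates', $layout);
    wp_send_json_success();
}

// The nonce is minted server-side for the admin screen that issues the call,
// e.g. when enqueueing that screen's script:
// wp_localize_script('acfflm-admin', 'acfflm', [
//     'nonce' => wp_create_nonce('acfflm_update_template'),
// ]);
```

A nonce on its own is not an authorization check: any logged-in user who can load a page that exposes the nonce can present it. The capability test is what ties the write to an appropriately privileged account, and removing the wp_ajax_nopriv_ registration is what closes the unauthenticated path.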
PT-2025-41911
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A Stored Cross-Site Scripting issue exists that could allow a malicious user to view and modify sensitive data or make the webpage unavailable. The issue is due...
EUVD-2022-37587
Malicious code in bioql PyPI...
EUVD-2022-3241
Malicious code in bioql PyPI...
CVE-2022-34635
The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty...
CVE-2025-27089
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is...
WordPress plugin ACF On-The-Go security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application extension for that platform. A security vulnerability...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is the Mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the helper_ensure_confirmed call in manage_custom_field_update.php, where the custom field name is not properly sanitized. An attacker can inject malicious scripts...
GHSA-CVRM-CR3M-QJ92 MantisBT XSS in manage_custom_field_update.php
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on Content Security Policy (CSP) settings...
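The escaping gap named in the two MantisBT entries above, as an added PHP example that is not MantisBT code: a confirmation-page renderer that prints its message verbatim, a message builder that interpolates the attacker-controlled custom field name raw, and the hardened builder that escapes at the point where untrusted data meets HTML. The renderer, message template and payload are assumptions; MantisBT's real helper_ensure_confirmed() lives in core/helper_api.php and its exact message text is not reproduced here.

```php
<?php
// Added illustration, not MantisBT code. render_confirm() stands in for a
// confirmation page like the one helper_ensure_confirmed() produces; the
// message template and the field name below are constructed for this example.

function render_confirm(string $message, string $buttonLabel): string
{
    // The message is emitted as-is: any markup inside it reaches the browser.
    return '<div class="confirm"><p>' . $message . '</p>'
         . '<input type="submit" value="'
         . htmlspecialchars($buttonLabel, ENT_QUOTES, 'UTF-8') . '"></div>';
}

// Vulnerable: the user-controlled custom field name is interpolated raw, so
// a name stored as markup becomes live markup on the confirmation page.
function confirm_message_unsafe(string $fieldName): string
{
    return sprintf('Update custom field "%s"?', $fieldName);
}

// Hardened: escape the untrusted value before it is placed into the HTML
// string. ENT_QUOTES also neutralises quotes, which matters if the same
// value is ever placed inside an attribute; ENT_SUBSTITUTE avoids returning
// an empty string on invalid UTF-8.
function confirm_message_safe(string $fieldName): string
{
    $escaped = htmlspecialchars($fieldName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('Update custom field "%s"?', $escaped);
}

// Crude indicator used only to make the difference visible: is there still a
// script element in the rendered page?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed payload: a custom field whose name is a script element.
$fieldName = '<script>alert(document.cookie)</script>';

$unsafePage = render_confirm(confirm_message_unsafe($fieldName), 'Confirm');
$safePage   = render_confirm(confirm_message_safe($fieldName), 'Confirm');

var_dump(contains_script_tag($unsafePage));   // the payload survives as live markup
var_dump(contains_script_tag($safePage));     // the same payload is inert text
```

The fix belongs at the interpolation site, not in a global filter: the renderer cannot know which parts of its message are trusted template text and which came from the database. The CSP remark in the advisory is about impact, not cause: a strict script-src makes the inline payload fail to execute, but the injection itself remains until the name is escaped.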
Exploit for Out-of-bounds Read in Nxp Lpc55S69Jbd100_Firmware
CVE-2021-40154...
Ethicon Endo-Surgery Generator G11 Vulnerability
OVERVIEW Johnson & Johnson, the parent company of Ethicon Endo-Surgery, LLC, reported an improper authentication vulnerability in the Ethicon Endo-Surgery Generator Gen11. Ethicon Endo-Surgery, LLC has produced updates that mitigate this vulnerability in the affected product. AFFECTED PRODUCTS The...