CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9...

WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP-CFM Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24706 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID af696388f906 Credits Nguyen Xuan Chien Required...