3 matches found
CVE-2025-66491 Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider
Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend TLS certificate verification actually disables...
WordPress WPFunnels plugin <= 3.6.2 - Unauthorized User Registration vulnerability
Unauthorized User Registration vulnerability discovered by Ahmed Rayen Ayari in WordPress Plugin WPFunnels versions = 3.6.2...
CVE-2025-4280 TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...