PT-2025-49587

Name of the Vulnerable Software and Affected Versions Azuriom CMS versions prior to 1.2.7 Description A client-side template injection CSTI issue exists in the Azuriom CMS admin dashboard. A low-privilege user can execute arbitrary template code within the context of an administrator's session...

CVE-2024-3379

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project...

WordPress Plugin Notes Plus Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Plugin Notes Plus Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1f66e01a6482 Credits justakazh Required privilege...

WordPress Bakes And Cakes Theme <= 1.2.6 is vulnerable to Broken Access Control

Software Bakes And Cakes Type Theme Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37496 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c1a64d1962d4 Credits Dhabaleshwar Das Required...

Security Bulletin: IBM DataPower Operator affected by flaw in Go (CVE-2022-23773)

Summary This is a build-time issue that does not affect product code, but may be flagged in customer scans. IBM has addressed the CVE. Vulnerability Details CVEID: CVE-2022-23773 DESCRIPTION: An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Gola...