CVE-2025-7841

CVE-2025-7841 affects the WordPress plugin “Sertifier Certificate & Badge Maker for WordPress – Tutor LMS.” A CSRF flaw exists due to missing/incorrect nonce validation on the sertifier_settings page, enabling unauthenticated attackers to update the plugin’s API key if a site admin is tricked int...

CVE-2023-34165

Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions...

PT-2022-5004 · Hitachi Energy · Hitachi Energy Msm

Name of the Vulnerable Software and Affected Versions: Hitachi Energy MSM versions V2.2 and prior Description: A vulnerability exists in the HTTP web interface where it does not validate data in an HTTP header, leading to a possible HTTP response splitting. This could allow an attacker to channel...

Apple Releases iTunes 10.5.1

Apple has released iTunes 10.5.1 to address a vulnerability. This vulnerability may allow an attacker to conduct a man-in-the-middle attack that could lead a user to click on a forged link believed to have originated from Apple. US-CERT encourages users and administrators to review Apple article...