4108 matches found

Positive Technologies
added 2025/12/12 12:00 a.m., 4 views

PT-2025-50850

The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5, AI score 5.2, EPSS 0.00183
Exploits: 0, References: 9
NVD
added 2025/12/11 11:15 p.m., 5 views

CVE-2025-66451

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via the PATCH endpoint for prompt groups, /api/prompts/groups/:groupId. However, the request bodies are not sufficiently validated for prop...

CVSS 6.5, EPSS 0.0028
Exploits: 1, References: 2
OSV
added 2025/12/11 10:33 p.m., 5 views

CVE-2025-66451 LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via the PATCH endpoint for prompt groups, /api/prompts/groups/:groupId. However, the request bodies are not sufficiently validated for prop...

CVSS 5.3, AI score 6.5, EPSS 0.0028
Exploits: 1, References: 4
RedhatCVE
added 2025/12/11 8:53 p.m., 3 views

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

CVSS 9.4, AI score 7.7, EPSS 0.00462
Exploits: 3, References: 1
EUVD
added 2025/12/11 6:30 p.m., 5 views

EUVD-2025-202693

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...

CVSS 7.5, AI score 6.2, EPSS 0.00271
Exploits: 0, References: 2
NVD
added 2025/12/11 4:16 p.m., 4 views

CVE-2025-59802

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...

CVSS 7.5, EPSS 0.00271
Exploits: 0, References: 1
Tenable Nessus
added 2025/12/11 12:00 a.m., 3 views

EulerOS 2.0 SP13 : proftpd (EulerOS-SA-2025-2528)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5, AI score 7.3, EPSS 0.02162
Exploits: 0, References: 2
Tenable Nessus
added 2025/12/11 12:00 a.m., 6 views

EulerOS 2.0 SP13 : proftpd (EulerOS-SA-2025-2507)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

CVSS 7.5, AI score 7.3, EPSS 0.02162
Exploits: 0, References: 2
Cvelist
added 2025/12/11 12:00 a.m., 27 views

CVE-2025-59802

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...

EPSS 0.00271
Exploits: 0, References: 1
Vulnrichment
added 2025/12/11 12:00 a.m., 2 views

CVE-2025-59802

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...

AI score 6.3, EPSS 0.00271
Exploits: 0, References: 1
Positive Technologies
added 2025/12/11 12:00 a.m., 4 views

PT-2025-50623

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamical...

CVSS 7.5, AI score 6.7, EPSS 0.00271
Exploits: 0, References: 2
Positive Technologies
added 2025/12/11 12:00 a.m., 5 views

PT-2025-50772

Name of the vulnerable software and affected versions: LibreChat versions 0.8.0 and below. Description: LibreChat, a ChatGPT clone, has an issue where input validation is insufficient when creating prompts. JSON requests sent to the /api/prompts/groups/:groupId endpoint via the PATCH method are not...

CVSS 6.5, AI score 6.5, EPSS 0.0028
Exploits: 1, References: 5
CVE
added 2025/12/11 12:00 a.m., 10 views

CVE-2025-59802

Summary: CVE-2025-59802 affects Foxit PDF Editor/Reader prior to 2025.2.1. The issue is signature spoofing via Optional Content Groups (OCG): the OCG state is runtime-only and not included in the signature buffer, allowing an attacker to dynamically flip OCG visibility after signing (Post-Sign) u...

CVSS 7.5, AI score 6.2, EPSS 0.00271
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2025/12/10 8:39 p.m., 21 views

CVE-2025-65950 WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

CVSS 9.4, EPSS 0.00462
Exploits: 3, References: 3
EUVD
added 2025/12/10 8:39 p.m., 4 views

EUVD-2025-202607

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

CVSS 9.4, AI score 7.1, EPSS 0.00462
Exploits: 3, References: 3
Vulnrichment
added 2025/12/10 8:39 p.m., 2 views

CVE-2025-65950 WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

CVSS 9.4, AI score 7.2, EPSS 0.00462
Exploits: 3, References: 3
CVE
added 2025/12/10 8:39 p.m., 10 views

CVE-2025-65950

WBCE CMS is vulnerable in versions 1.6.4 and earlier due to improper handling of the groups[] parameter in admin/users/save.php, enabling a low-privileged authenticated user to execute arbitrary SQL queries and potentially escalate to full database compromise with data exfiltration. The issue is ...

CVSS 9.4, AI score 7.2, EPSS 0.00462
Exploits: 3, References: 3, Affected Software: 1
OSV
added 2025/12/10 8:39 p.m., 6 views

CVE-2025-65950 WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

CVSS 9.4, AI score 7.6, EPSS 0.00462
Exploits: 3, References: 5
CNNVD
added 2025/12/10 12:00 a.m., 3 views

WBCE CMS SQL injection vulnerability

WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in WBCE CMS 1.6.4 and earlier versions, which stems from improper handling of the groups parameter and can lead to SQL injection attacks...

CVSS 9.4, AI score 7.7, EPSS 0.00462
Exploits: 3, References: 4
NVD
added 2025/12/09 6:15 p.m., 1 view

CVE-2025-13924

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

CVSS 4.3, EPSS 0.00124
Exploits: 0, References: 3