4 matches found
EUVD-2026-5835
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
CVE-2025-54425 Umbraco's Delivery API allows for cached requests to be returned with an invalid API key
Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such...
CVE-2025-54425
CVE-2025-54425 affects Umbraco’s Delivery API. When public access is restricted by an API key header and output caching is enabled, the cache does not vary by the API key header, potentially returning cached responses to users without a valid API key if a prior request with a valid key occurred. ...
Umbraco Delivery API allows for cached requests to be returned with an invalid API key
Impact: Umbraco's content delivery API can be restricted from public access such that an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance...