17 matches found
CVE-2025-12777
CVE-2025-12777 concerns YITH WooCommerce Wishlist for WordPress (versions
WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability
Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions <= 4.10.0...
EUVD-2009-5014
Malware in sbrugna...
EUVD-2022-32824
Malicious code in bioql PyPI...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
CVE-2024-49868 btrfs: fix a NULL pointer dereference when failed to start a new transaction
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new transaction [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a failure. start_transaction+0x830/0x1670...
Cross site request forgery (csrf)
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF protection when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack...
CVE-2023-0555
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
Ingredients Stock Management System SQL injection vulnerability
Ingredients Stock Management System is an ingredient stock management system by individual developer Carlo Montero. The .php?f=deleteitem location has an SQL injection issue in the id parameter. No detailed vulnerability details are available at this time...
Arbitrary file deletion
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
Design/Logic Flaw
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vend...
WordPress Albo Pretorio Online Plugin 3.2 - Multiple Vulnerabilities
There are multiple vulnerabilities in the Albo Pretorio Online plugin, such as SQL injection, CSRF and stored XSS, as well as some reflected XSS. Because of these vulnerabilities, item deletion is unprotected and any element could be deleted; also, each form input is vulnerable. Solution Upgrade the...