WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

Sophos Mobile managed on-premises - XML External Entity Injection

An XML External Entity XXE vulnerability allows server-side request forgery SSRF and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. id: CVE-2022-3980 info: name: Sophos Mobile managed on-premises - XML External Entity Injection author: dabla...

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

UBUNTU-CVE-2026-54267

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-54268

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50171

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50557

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50170

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-52725

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50555

Angular is a development platform for building mobile and desktop web...

Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution

An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. This leads to unauthenticated Remote Code Execution via unsafe userinput in one of the bean validators which is sink for Server-Side Template Injection. id:...

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...

CVE-2026-53900

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

CVE-2026-53900

CVE-2026-53900 concerns Firefox for iOS. The issue: cookies set on the initial PDF request were preserved across cross-origin HTTP redirects in TemporaryDocument, enabling a malicious site to inject cookies into requests to an unrelated target domain. The CVE has a base score of 4.3 (Medium) per ...

CVE-2026-53899

CVE-2026-53899 affects Firefox for iOS. The issue arises from partial domain matching when attaching cookies to PDF requests, enabling a malicious site on a suffix domain to receive cookies belonging to the target site. The root cause is tied to how cookies were matched during PDF handling, leadi...

CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. id: CVE-2023-35078 info...