CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

EUVD-2025-201722

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege obfuscation vulnerability that originates from a privilege obfuscation issue in the SettingsSliceProvider.java file, which can be exploited by an...

WordPress plugin Helloprint 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-66557

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

EUVD-2025-201465

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

CVE-2025-66557 Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This...

EUVD-2025-201414

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts...

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions...

CVE-2025-64057

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts...

Deck app allowed user with "Can share" permission to modify permissions of other non-owners

None...

EUVD-2025-201393

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVE-2025-12093

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

CVE-2025-12093

CVE-2025-12093 (Voidek Employee Portal, WordPress) The vulnerability is a missing capability check in several AJAX actions, allowing unauthenticated users to perform account-related actions (register, delete users, modify details) in all versions up to 1.0.6. Wordfence notes the issue in the Void...

CVE-2025-12093 Voidek Employee Portal <= 1.0.7 - Missing Authorization

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

EUVD-2025-201356

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

CVE-2025-64057

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts...

PT-2025-49223

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...