EUVD-2025-205996

Cross-Site Request Forgery CSRF vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0...

CVE-2025-62089 WordPress Mergado Pack plugin <= 4.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0...

CVE-2025-62089

CVE-2025-14998 (Branda – White Label & Branding, Free Login Page Customizer) is an unauthenticated privilege-escalation vulnerability in Branda

WordPress Mergado Pack plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Mergado Pack versions = 4.2.1...

WordPress plugin Mergado Pack 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

PT-2025-54377

Cross-Site Request Forgery CSRF vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently...

PT-2025-53267

Name of the Vulnerable Software and Affected Versions FolioVision FV Simpler SEO fv-all-in-one-seo-pack versions through 1.9.6 Description An issue exists in FolioVision FV Simpler SEO fv-all-in-one-seo-pack related to incorrectly configured access control security levels, allowing for missing...

Malicious code in chai-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a153ef79c99f8b960c8e0557a16cb187571a31c3d4c2479e177ab630b36b6af6 The package chai-pack was found to contain malicious code...

EUVD-2025-204928

Malicious code in chai-pack npm...

MAL-2025-192725 Malicious code in chai-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a153ef79c99f8b960c8e0557a16cb187571a31c3d4c2479e177ab630b36b6af6 The package chai-pack was found to contain malicious code...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Neutralization of Input Terminators due to Jakarta Mail (CVE-2025-7962)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Neutralization of Input Terminators due to Jakarta Mail. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \...

SUSE: Security Advisory (SUSE-SU-2025:4421-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-64295 WordPress All In One SEO Pack plugin <= 4.8.6.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through = 4.8.6.1...

EUVD-2025-204062

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through = 4.8.6.1...

CVE-2025-64295

CVE-2025-64295 affects the WordPress plugin All in One SEO Pack (all-in-one-seo-pack), credited as a vulnerability in versions up to and including 4.8.6.1 . The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that allows retrieval of embedded sensitive dat...

Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by an SMTP injection vulnerability caused by Jakarta Mail(CVE-2025-7962)

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by an SMTP injection vulnerability caused by Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

PT-2025-52183

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through = 4.8.6.1...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...