184 matches found
CVE-2025-69221
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...
CVE-2025-62096
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through = 4.4....
CVE-2025-62096
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through = 4.4....
CVE-2025-62096 WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through = 4.4....
WordPress plugin Maximum Products per User for WooCommerce 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
Securing the Model Context Protocol (MCP): Risks, Controls, and Governance
The Model Context Protocol MCP replaces static, developer-controlled API integrations with more dynamic, user-driven agent systems, which also introduces new security risks. As MCP adoption grows across community servers and major platforms, organizations encounter threats that existing AI...
CVE-2025-11620
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
EUVD-2025-197949
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
WordPress Multiple Roles per User plugin <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Custom+ Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Multiple Roles per User versions = 1.0...
EUVD-2025-9459
Malicious code in bioql PyPI...
EUVD-2025-7972
Malicious code in bioql PyPI...
CVE-2025-34208
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...
Linux Distros Unpatched Vulnerability : CVE-2022-24778
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by...
Linux Distros Unpatched Vulnerability : CVE-2020-35490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Hard-Earned Lessons in Access Control at Scale: Enforcing Identity and Policy across Trust Boundaries with Reverse Proxies and MTLS
In today's enterprise environment, traditional access methods such as Virtual Private Networks VPNs and application-specific Single Sign-On SSO often fall short when it comes to securely scaling access for a distributed and dynamic workforce. This paper presents our experience implementing a...
CVE-2023-52181
Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1...
CVE-2023-20245
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured access control list ACL and allow traffic that should be denied to flo...
Ensure That the Number of Files That Can Be Opened by Users Is Correctly Configured
The number of files that can be opened in Linux is limited. Once the limit is reached by a user, other users can no longer open files. By default, openEuler limits the maximum number of file handles that can be opened by each user to 1024. If the value exceeds 1024, new file handles cannot be...
CVE-2025-31455
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit Max IPs Per User: from n/a through = 1.5...
CVE-2025-31455 WordPress Limit Max IPs Per User plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5...