24 matches found
WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass vulnerability
Bypass vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Advanced Access Manager versions <= 7.1.0...
Amazon Linux 2023 : docker (ALAS2023-2026-1571)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1571 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
CVE-2026-34040
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...
CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...
Moby security vulnerability
Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to 29.3.1 contained security vulnerabilities, which were due to allowing attackers to bypass authorized plugins...
EUVD-2022-43514
Malicious code in bioql PyPI...
EUVD-2025-12540
Malicious code in bioql PyPI...
EUVD-2025-29489
Malicious code in bioql PyPI...
WordPress Simple Payment plugin 1.3.6-2.3.8 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by kr0d in WordPress Plugin Simple Payment versions 1.3.6-2.3.8...
WordPress SureTriggers plugin <= 1.0.78 - Authorization Bypass vulnerability
Authorization Bypass vulnerability discovered by mikemyers in WordPress Plugin OttoKit versions <= 1.0.78...
WordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerability
Bypass vulnerability discovered by astra.r3verii in WordPress Plugin Survey Maker versions <= 5.1.6.3...
OESA-2025-1187 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...
CVE-2025-0914 Velociraptor Shell Plugin Prevent_execve Bypass
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually...
Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation
Summary: Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins (AuthZ) was remediated in IBM Observability with Instana Build 279. CVE-2024-41110. Vulnerability Details: CVEID: CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine (CVE-2024-41110)
Brocade Security Team has become aware that certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Detail: Docker’s default authorization...
SUSE CVE-2011-2486
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash...
UBUNTU-CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
Huawei OxfordP-AN10B Authorization Issues Vulnerability
The Huawei OxfordP-AN10B is a smartphone from the Chinese company Huawei. An authorization issue vulnerability exists in previous versions of Huawei OxfordP-AN10B 10.0.1.169 C00E166R4P1. An attacker can exploit this vulnerability by tricking a user into installing a malicious plugin to...
Cross-Site Request Forgery (CSRF)
Firefox is vulnerable to cross-site request forgery (CSRF) attacks. POST requests made by the NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks...