au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +150 more potentially affected by CVE-2025-67640 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-67640 Source advisory: OSV:GHSA-V8HG-M323-JVJQ...

Wordfence Bug Bounty Program Monthly Report – November 2025

Last month in November 2025, the Wordfence Bug Bounty Program received 746 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=6.0.0), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=6.0.0) +53 more potentially affected by CVE-2025-64775 +1 more via org.apache.struts:struts2-core (>=7.0.0 <=7.0.3)

org.apache.struts:struts2-core MAVEN version =7.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.3 and more Source cves: CVE-2025-64775, CVE-2025-66675 Source advisory: OSV:GHSA-RG58-XHH7-MQJWhttps://vu...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +332 more potentially affected by CVE-2025-64775 +1 more via org.apache.struts:struts2-core (>=2.0.11 <=6.7.4)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.9, =1.2, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2025-64775, CVE-2025-66675 Source advisory: OSV:GHSA-RG58-XHH7-MQ...

com.github.vzakharchenko:chillispot-radius-plugin (>=1.2.6 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.2.5 <=1.4.11) +47 more potentially affected by CVE-2025-14082 via org.keycloak:keycloak-authz-policy-common (>=10.0.0 <=26.4.7)

org.keycloak:keycloak-authz-policy-common MAVEN version =10.0.0, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =2.5.6-24.0, =0.1.0, =8.1, =1.0.0, =1.1.0 and more Source cves: CVE-2025-14082 Source advisory:...

Fedora 44 : containernetworking-plugins (2025-c67591d0a2)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c67591d0a2 advisory. Automatic update for containernetworking-plugins-1.9.0-1.fc44. Changelog Tue Dec 9 2025 Bradley G Smith - 1.9.0-1 - Update to release v1.9.0 -...

Plugins 信息泄露漏洞

Plugins are a number of CNI open source reference and example network plugins. An information disclosure vulnerability exists in Plugins versions 1.6.0 through 1.8.0, which stems from a misconfiguration of the nftables backend that could lead to traffic interception...

EUVD-2021-34738

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

CVE-2021-47701

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

@dockstat/plugin-builder (>=1.0.3 <=1.0.8), @dockstat/typings (>=1.1.0 <=1.1.2) +8 more potentially affected by CVE-2025-66456 via elysia (>=1.4.11 <=1.4.16)

elysia NPM version =1.4.11, =1.0.3, =1.1.0, =0.1.29, =0.0.21-alpha.3, =2.0.0, =1.2.11, =0.0.1, =0.1.0, =0.6.0 - nautika-types =1.6.0 Source cves: CVE-2025-66456 Source advisory: SNYK:JS-ELYSIA-14287465...

CVE-2021-47701 OpenBMCS User Management Privilege Escalation

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

CVE-2021-47701 OpenBMCS User Management Privilege Escalation

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

EUVD-2025-202136

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

CVE-2025-67598

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

CVE-2025-67468

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

EUVD-2025-202055

Cross-Site Request Forgery CSRF vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through = 3.4.1...

CVE-2025-67468 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

CVE-2025-67468 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

PT-2025-49972

Name of the Vulnerable Software and Affected Versions SupportCandy versions through 3.4.1 Description A Cross-Site Request Forgery CSRF issue exists in PSM Plugins SupportCandy. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge...

PT-2025-49884

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...