160 matches found
CVE-2026-7165
The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...
EUVD-2026-38235
The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...
CVE-2026-7165 Multiple vulnerabilities in the Assassin game by Gaudire
The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
CVE-2026-0808: The Spin Wheel WordPress plugin (versions up to 2.1.0) allows unauthenticated, client-side prize manipulation bySending a modified prize_index parameter; server-side validation/randomization is missing. Wordfence notes the issue and indicates patches have been applied; ensure upgra...
EUVD-2026-3143
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
WordPress plugin Spin Wheel has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-3351
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...
WordPress Spin Wheel plugin <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter vulnerability
Unauthenticated Client-Side Prize Manipulation via 'prizeindex' Parameter vulnerability discovered by jsonc in WordPress Plugin Spin Wheel versions = 2.1.0...
Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra
ZDC awarded hackers $320,000 and uncovered a record‑breaking tally of critical CVEs for core cloud infrastructure, underscoring the scale and urgency of securing the open‑source software that underpins the modern cloud...
Cronos Kicks Off $42K Global Hackathon Focused on AI-Powered On-Chain Payments
Cronos launches x402 PayTech Hackathon with $42K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools...
Watch out for Walmart gift card scams
You’ve probably seen it before—a bright, urgent message claiming you’ve qualified for a $750 or $1000 Walmart gift card. All you have to do is answer a few questions. It looks harmless enough. But once you click, you find yourself in a maze of surveys, redirects, and "partner offers"—without ever...
Home Depot Halloween phish gives users a fright, not a freebie
We received a timely phishing email pretending to come from Home Depot. It claimed we’d won a Gorilla Carts dump cart that’s a sort of four-wheeled wheelbarrow for anyone unfamiliar—and said it was just one click away. It wasn’t. The whole image in the email was clickable, and it hid plenty of...
Colliding with Adversaries at ECML-PKDD 2025 Adversarial Attack Competition 1st Prize Solution
This report presents the winning solution for Task 1 of Colliding with Adversaries: A Challenge on Robust Learning in High Energy Physics Discovery at ECML-PKDD 2025. The task required designing an adversarial attack against a provided classification model that maximizes misclassification while...
EUVD-2018-9726
Malware in sbrugna...
EUVD-2025-1792
Malicious code in bioql PyPI...