Lucene search

22 matches found

NVD
added 2026/02/04 9:15 a.m., 5 views

CVE-2025-15482

The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including t...

CVSS 5.3, EPSS 0.00021
Exploits: 0, References: 2

CVE
added 2026/02/04 8:25 a.m., 15 views

CVE-2025-15482

CVE-2025-15482 affects the WordPress plugin Chapa Payment Gateway for WooCommerce. Multiple sources confirm a vulnerability in all versions up to and including 1.0.3 where the 'chapa_proceed' WooCommerce API endpoint exposes sensitive information, enabling unauthenticated attackers to retrieve d...

CVSS 5.3, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 2

Positive Technologies
added 2026/02/04 12:0 a.m., 3 views

PT-2026-5887

Name of the Vulnerable Software and Affected Versions: Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3. Description: The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...

CVSS 5.3, AI score 5.4, EPSS 0.00021
Exploits: 0, References: 5

CNNVD
added 2026/02/04 12:0 a.m., 4 views

WordPress plugin Chapa Payment Gateway Plugin for WooCommerce information disclosure vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 3

Veracode
added 2025/10/06 8:32 a.m., 5 views

Improper Warning Message Handling

@anthropic-ai/claude-code is vulnerable to improper warning message handling. The vulnerability is due to an unclear trust prompt that failed to inform users that selecting “Yes, proceed” would execute files in the folder without further confirmation, which allows an attacker to trick users into...

AI score 7.3
Exploits: 0

OSV
added 2025/09/12 6:1 p.m., 2 views

CLSA-2025-1757700075 glibc: Fix of CVE-2019-9169

CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node in posix/regexec.c...

CVSS 9.8, AI score 6.8, EPSS 0.04945
Exploits: 1, References: 1

CloudLinux
added 2025/09/12 6:1 p.m., 3 views

glibc: Fix of CVE-2019-9169

CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node in posix/regexec.c...

CVSS 9.8, AI score 7.3, EPSS 0.04945
Exploits: 1

OSV
added 2025/09/12 3:28 p.m., 4 views

CLSA-2025-1757690876 glibc: Fix of CVE-2019-9169

CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node in posix/regexec.c...

CVSS 9.8, AI score 6.9, EPSS 0.04945
Exploits: 1, References: 1

Circl
added 2025/08/31 3:1 a.m., 3 views

CVE-2018-12871

creationtimestamp | type | source
---|---|---
2025-08-31 03:01:36+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

CVSS 5.5, AI score 5.9, EPSS 0.03769
Exploits: 0

Snyk
added 2025/08/29 9:42 p.m., 1 view

Open Redirect

Overview: google_sign_in is a Sign in or up with Google for Rails applications. Affected versions of this package are vulnerable to Open Redirect via the proceed_to value in the session store when it is set to a protocol-relative URL. An attacker can redirect users to an unintended origin by submittin...

CVSS 4.2, AI score 6.8, EPSS 0.00059
Exploits: 0, References: 2

Cvelist
added 2025/08/29 9:5 p.m., 7 views

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVSS 4.2, EPSS 0.00059
Exploits: 0, References: 4

OSV
added 2025/08/29 9:5 p.m., 3 views

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVSS 4.2, AI score 6.3, EPSS 0.00059
Exploits: 0, References: 6

OSV
added 2025/08/29 8:7 p.m., 3 views

GHSA-5JCH-XHW4-R43V Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary: It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

CVSS 4.2, AI score 6.7, EPSS 0.00059
Exploits: 0, References: 7

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-19871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVE-2018-19871 Note that Nessus relies on the presence of the...

CVSS 6.5, AI score 6.8, EPSS 0.00704
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 3:1 a.m., 3 views

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...

CVSS 9.8, AI score 7.9, EPSS 0.94296
Exploits: 10, References: 1

VulnCheck KEV
added 2023/11/16 12:0 a.m., 3 views

VulnCheck KEV: CVE-2023-1671

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.94296
Exploits: 10, References: 1

BDU FSTEC
added 2023/05/02 12:0 a.m., 1 view

The vulnerability of the warn-proceed handler component of the Sophos Web Appliance (SWA) security and management device allows a perpetrator to execute arbitrary commands.

The vulnerability of the warn-proceed handler component of the Sophos Web Appliance SWA security and management device for web devices is related to the lack of measures to sanitize input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVSS 10, AI score 8.3, EPSS 0.94296
Exploits: 10, References: 6, Affected Software: 1

NVD
added 2023/04/04 10:15 a.m., 20 views

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...

CVSS 9.8, AI score 9.8, EPSS 0.94296
Exploits: 10, References: 3

OSV
added 2022/10/19 4:15 p.m., 1 view

CVE-2022-43408

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 2

Microsoft CVE
added 2020/08/18 12:0 a.m., 3 views

In the GNU C Library (aka glibc or libc6) through 2.29 proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

...

CVSS 9.8, AI score 6.9, EPSS 0.04945
Exploits: 1