7 matches found
CVE-2026-3360 Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...
EUVD-2020-24706
Malware in sbrugna...
EUVD-2021-6986
Malicious code in bioql PyPI...
Selenium 3.141.59 Remote Code Execution
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
Cisco AnyConnect Secure Mobility Client Input Validation Error Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. An input validation error vulnerability exists in the interprocess communication (IPC) channel of Cisco AnyConnect Secur...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Vulnerabilities have been fixed in Cisco AnyConnect Secure Mobility Client. The vulnerability with CVE attribute CVE-2021-1519 allows a local malicious person to overwrite VPN profiles. The remaining vulnerabilities apply only to the Windows client, whereby a local malicious agent, by...
Profile overwrite/delete due to registry size limit.
All, We have discovered a bug with NT v4.0-SP6a registry size growth and overwriting of user profiles. This bug was exposed when the SMS v2.0-SP2 client runs into a condition where it continually creates new registry keys and values filling the system registry with thousands of crap entries - thu...