7 matches found
GO-2025-4220 memos vulnerability allows arbitrary modification or deletion of registered identity providers in github.com/usememos/memos
memos vulnerability allows arbitrary modification or deletion of registered identity providers in github.com/usememos/memos...
EUVD-2023-23379
Malicious code in bioql PyPI...
EUVD-2025-27129
Malicious code in bioql PyPI...
CVE-2025-7045
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
CVE-2025-7045
CVE-2025-7045 refers to the Cloud SAML SSO WordPress plugin, where a missing capability check on the delete_config action in csso_handle_actions() allows unauthenticated Identity Provider deletions, potentially breaking SSO and causing a denial-of-service. Multiple connected sources confirm affec...
CVE-2023-1093
The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity providers (IdP), which could allow attackers to make logged-in admins delete all IdP via a CSRF attack...