
2242 matches found

CNNVD
added 2025/05/15 12:0 a.m. · 2 views

WordPress plugin Push Notification for Post and BuddyPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS · 9.2 AI score · 0.02491 EPSS
Exploits 1 · References 1

RedHat Linux
added 2025/05/13 4:5 p.m. · 12 views

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

8.8 CVSS · 7.3 AI score · 0.00473 EPSS
Exploits 1 · References 6

OSSF Malicious Packages
added 2025/05/07 4:46 a.m. · 3 views

Malicious code in bitpay-push-notification-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff585151e0d20f0a3114337d0053b2fa14d0b74c758b8d3a60f9645028bba9f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3

OSV
added 2025/05/07 4:46 a.m. · 5 views

MAL-2025-3679 Malicious code in bitpay-push-notification-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff585151e0d20f0a3114337d0053b2fa14d0b74c758b8d3a60f9645028bba9f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 3

Citrix
added 2025/04/29 12:0 a.m. · 12 views

"Cannot Complete your request" during enumeration for DUO OAuth in 2 factor setup

Getting "Cannot complete your request" after duo push is successfully sent. In the url tab, we could see the client connection being pointed to storefront successfully...

7 AI score
Exploits 0

RedhatCVE
added 2025/04/25 6:8 p.m. · 6 views

CVE-2025-32540

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS. This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5...

7.1 CVSS · 7.2 AI score · 0.00235 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/04/25 5:52 p.m. · 4 views

CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <= 1.5.3...

7.1 CVSS · 7.2 AI score · 0.00127 EPSS
Exploits 0 · References 1

OSV
added 2025/04/22 1:49 p.m. · 3 views

SUSE-SU-2025:20278-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates - Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: chec...

9.1 CVSS · 6.7 AI score · 0.03092 EPSS
Exploits 4 · References 11

NVD
added 2025/04/17 4:15 p.m. · 3 views

CVE-2025-32540

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS. This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5...

7.1 CVSS · 0.00235 EPSS
Exploits 0 · References 1

NVD
added 2025/04/17 4:15 p.m. · 3 views

CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <= 1.5.3...

7.1 CVSS · 0.00127 EPSS
Exploits 0 · References 1

CVE
added 2025/04/17 3:47 p.m. · 40 views

CVE-2025-32540

CVE-2025-32540 refers to a Reflected Cross-Site Scripting (XSS) vulnerability in the Feedify – Web Push Notifications WordPress plugin, affecting versions up to and including 2.4.5. Root cause: improper input neutralization during web page generation leading to reflected XSS. CVSS v3.1 base score...

7.1 CVSS · 7.2 AI score · 0.00235 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:0 a.m. · 1 views

WordPress plugin Feedify – Web Push Notifications cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

7.1 CVSS · 7.1 AI score · 0.00235 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:0 a.m. · 2 views

WordPress plugin All push notification for WP cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

7.1 CVSS · 7.1 AI score · 0.00127 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/17 12:0 a.m. · 3 views

PT-2025-17107 · Unknown · Feedify – Web Push Notifications

Name of the Vulnerable Software and Affected Versions: Feedify – Web Push Notifications versions n/a through 2.4.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This means that ...

7.1 CVSS · 7.1 AI score · 0.00235 EPSS
Exploits 0 · References 3

Patchstack
added 2025/04/15 5:1 p.m. · 3 views

WordPress Feedify – Web Push Notifications plugin <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Feedify – Web Push Notifications versions <= 2.4.5...

7.1 CVSS · 7 AI score · 0.00235 EPSS
Exploits 0 · Affected Software 1

OSV
added 2025/04/15 2:17 p.m. · 4 views

CLSA-2025-1744710425 Fix CVE(s): CVE-2024-5594

SECURITY UPDATE: Improper PUSHREPLY sanitization allows attackers to inject arbitrary data into third-party executables - debian/patches/CVE-2024-5594.patch: Properly handle null bytes and invalid characters in control - CVE-2024-5594 UPDATE CERTIFICATES: Renew sample keys -...

9.1 CVSS · 5.9 AI score · 0.00811 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/04/11 5:29 p.m. · 4 views

CVE-2025-32547

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...

8.2 CVSS · 7.3 AI score · 0.00187 EPSS
Exploits 0 · References 1

NVD
added 2025/04/09 5:15 p.m. · 5 views

CVE-2025-32547

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...

8.2 CVSS · 0.00187 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/09 12:0 a.m. · 1 views

WordPress plugin All push notification for WP cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.2 CVSS · 8.6 AI score · 0.00187 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/09 12:0 a.m. · 2 views

PT-2025-15786 · WordPress · Push Notification For Wp

Name of the Vulnerable Software and Affected Versions: All push notification for WP versions 1.5.3 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Blind SQL Injection. This means an attacker could potentially force a user to perfor...

8.2 CVSS · 8.9 AI score · 0.00187 EPSS
Exploits 0 · References 4