CVE-2024-54386

Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...

CVE-2025-20899

CVE-2025-20899 concerns an improper access control flaw in Samsung’s PushNotification component. Affected: PushNotification prior to 13.0.00.15 on Android 12, prior to 14.0.00.7 on Android 13, and prior to 15.1.00.5 on Android 14. The root cause is access-control weaknesses that could allow a loc...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which stems from an improper access control issue contained in PushNotification...

WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin All push notification for WP versions = 1.5.3...

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2024-7264: ASN.1 date parser overread bsc1228535 CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 CVE-2024-2466: TLS certificate check bypa...

SUSE-SU-2025:20029-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 - CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 - CVE-2024-2466: TLS certificate...

CVE-2024-57909 iio: light: bh1745: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...

InformationPush 跨站脚本漏洞

InformationPush is an information push system by kaixin1995 individual developers. A security vulnerability exists in InformationPush that stems from the inclusion of a cross-site scripting vulnerability...

CVE-2025-23720

Cross-Site Request Forgery CSRF vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through = 1.4.0...

CVE-2025-23720 WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through = 1.4.0...

CVE-2025-23720 WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through = 1.4.0...

CVE-2025-23720

CVE-2025-23720 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Web Push (web-push) plugin by Marco Castelluccio that can lead to stored XSS. The provided sources confirm the issue arises in Web Push and can result in stored XSS, affecting versions up to and including ...

WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika in WordPress Plugin Push Notification for Post and BuddyPress versions = 2.11...

WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Web Push versions = 1.4.0...

WordPress Push Envoy Notifications plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Push Envoy Notifications versions = 1.0.0...

PT-2025-5048 · Mozilla · Web-Push

Name of the Vulnerable Software and Affected Versions: Mozilla Web Push versions n/a through 1.4.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in Mozilla Web Push, which allows Stored XSS. Recommendations: For Mozilla Web Push versions n/a through 1.4.0,...

WordPress plugin Web Push 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

The vulnerability in the Advanced PWA module of the Drupal CMS system, related to incorrect authentication, allows a hacker to bypass security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Advanced PWA module in Drupal’s Push Notifications CMS system is related to improper authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

CVE-2024-12407 Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting

The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

CVE-2024-12407

CVE-2024-12407 affects the Push Notification for Post and BuddyPress WordPress plugin. It enables a reflected XSS via the pushnotificationid parameter in versions up to and including 2.06, exploitable by unauthenticated attackers who lure a user to perform an action. Impact is described as client...