21955 matches found
WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability
Authenticated Subscriber+ Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions = 1.9.3...
sigma-audit
Sigma Stack Audit Full-spectrum security audit combining five...
MINI-WG89-M8Q4-HXVJ
Bulletin has no description...
MINI-P6FV-34J8-VPG5
Bulletin has no description...
MINI-HJJH-VC7V-VJ8W
Bulletin has no description...
MINI-F324-QXRQ-JV5R
Bulletin has no description...
MINI-Q58W-G485-7WPC
Bulletin has no description...
📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference
WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...
📄 ChurchCRM Cross Site Scripting
ChurchCRM versions 6.5.2 and below suffer from a persistent cross site scripting vulnerability in the person property assignment functionality. Note that the advisory says versions 6.3.0 and below are affected but the CVE entry states versions prior to 6.5.3. CVE-2025-67875: ChurchCRM has stored...
EspoCRM 安全漏洞
EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. EspoCRM versions 9.3.3 and earlier contained security vulnerabilities. These vulnerabilities...
PT-2026-32522
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
PT-2026-32282
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...
WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions = 3.9.7...
WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability
Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions 4.13.0...
MINI-V6HH-PF76-C6H8
Bulletin has no description...
MINI-694W-M6HX-8PVC
Bulletin has no description...
MINI-Q75W-F4PF-HJXW
Bulletin has no description...
MINI-R9WG-FPV6-Q398
Bulletin has no description...
MINI-654P-55XW-Q343
Bulletin has no description...
MINI-76WR-5PR2-57R6
Bulletin has no description...