WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by hhhai in WordPress Plugin WP Full Stripe Free versions <= 8.4.1...
WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dazzle versions <= 1.0.0...
WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Presto Player versions <= 4.1.3...
WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Tablesome versions <= 1.2.3...
WordPress iXML - Google XML sitemap generator plugin <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter vulnerability
WordPress iXML - Google XML sitemap generator plugin <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter vulnerability discovered by johska in WordPress Plugin iXML versions <= 0.6...
`rpc-check` was removed from crates.io for malicious code
It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...
WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability
SQL Injection vulnerability discovered by alakinnn in WordPress Plugin KiviCare versions <= 3.6.16...
django: Django SQL injection
A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 457351015 High CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-11-03...
Drupal CKEditor5 Youtube module < 1.0.4 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by nico.b in WordPress Module CKEditor5 Youtube versions < 1.0.4...
PT-2025-15909 · Crates.Io · Tokio
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
regione.abruzzo.it Open Redirect vulnerability OBB-4037495
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
maniadb.com Open Redirect vulnerability OBB-4036745
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
supersoluce.com Open Redirect vulnerability OBB-4034769
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
roxy.in Open Redirect vulnerability OBB-4033981
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hexamitra.co.id Cross Site Scripting vulnerability OBB-4031519
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pricewisetaxi.nl Cross Site Scripting vulnerability OBB-4031333
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by luc Patchstack in WordPress Theme RealHomes versions <= 4.3.6...
WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Shortcode in Comment versions <= 1.1.1...
WordPress Arkhe Blocks plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Arkhe Blocks versions <= 2.23.0...