52 matches found
PT-2026-47026
Name of the Vulnerable Software and Affected Versions: Hippoo Mobile App for WooCommerce versions prior to 1.9.5. Description: An authentication bypass exists that allows for administrator account takeover. The issue stems from a logic conflation in the get user permissions function within...
EUVD-2024-47007
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-32839
Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3687: Cross-site scripting vulnerability in E-mail (CWE-79) - CVE-2026-20711; CyVDB-3689: Cross-site scripting vulnerability in Message (CWE-79) - CVE-2026-22881; CyVDB-3995: Improper input verification in...
EUVD-2025-206320
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...
CVE-2021-22445
There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset...
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
CVE-2025-11833
CVE-2025-11833 affects the WordPress Post SMTP plugin up to and including version 3.6.0, due to a missing capability check in the __construct function. This unauthenticated issue lets attackers read arbitrary logged emails (including password reset emails), enabling potential account takeover and...
EUVD-2021-22792
Malware in sbrugna...
EUVD-2018-6885
Malware in sbrugna...
EUVD-2021-15182
Malware in sbrugna...
EUVD-2019-17274
Malware in sbrugna...
EUVD-2020-3817
Malware in sbrugna...
EUVD-2022-25475
Malicious code in bioql PyPI...
EUVD-2025-2663
Malicious code in bioql PyPI...
EUVD-2021-9560
Malicious code in bioql PyPI...
EUVD-2022-3703
Malicious code in bioql PyPI...
EUVD-2022-5592
Malicious code in bioql PyPI...
GHSA-9WJ2-4HCM-R74J phpMyFAQ duplicate email registration allows multiple accounts with the same email
Summary: phpMyFAQ does not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause...