11 matches found

EUVD
added last week, 3 views

EUVD-2026-32950

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

5.8 AI score, 0.00054 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-1622

Malware in sbrugna...

4.3 CVSS, 6.1 AI score, 0.00223 EPSS
Exploits: 0, References: 9

Cvelist
added 2025/09/16 2:41 p.m., 6 views

CVE-2025-59270 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...

3.1 CVSS, 0.00039 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/08/18 8:25 a.m., 5 views

CVE-2025-7499

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getresponse function in all versions up ...

5.3 CVSS, 7.1 AI score, 0.00105 EPSS
Exploits: 0, References: 1

NVD
added 2025/08/16 8:15 a.m., 5 views

CVE-2025-7499

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getresponse function in all versions up ...

5.3 CVSS, 0.00105 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/08/16 7:25 a.m., 6 views

CVE-2025-7499 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getresponse function in all versions up ...

5.3 CVSS, 0.00105 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/07/17 6:54 p.m., 4 views

CVE-2025-7339

A header modification flaw has been discovered in the on-headers npm library. In specific cases, response headers may be inadvertently modified when an array is passed to response.writeHead. Mitigation: Users may work around this issue by passing an object rather than an array to the...

3.4 CVSS, 6.2 AI score, 0.00036 EPSS
Exploits: 0, References: 8

Positive Technologies
added 2025/02/15 12:0 a.m., 20 views

PT-2025-6546 · WordPress · Team Members Showcase Plugin

Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...

4.3 CVSS, 9.2 AI score, 0.00134 EPSS
Exploits: 0, References: 11

Positive Technologies
added 2024/12/29 12:0 a.m., 1 view

PT-2024-17881 · Unknown · Taisan Tarzan-Cms

Name of the Vulnerable Software and Affected Versions: taisan tarzan-cms version 1.0.0 Description: A critical issue was found in the Article Management component, specifically affecting the UploadResponse function of the UploadController.java file. The manipulation of the file argument leads to...

9.8 CVSS, 6.5 AI score, 0.00102 EPSS
Exploits: 1, References: 10

Vulnrichment
added 2024/02/05 12:0 a.m., 8 views

CVE-2024-24263

Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the responseappendstatusline function at /lotos/src/response.c...

7.3 AI score, 0.00142 EPSS
Exploits: 1, References: 1

Prion
added 2020/06/16 10:15 p.m., 9 views

Cross site scripting

Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking...

4.3 CVSS, 6 AI score, 0.0023 EPSS
Exploits: 0, References: 2, Affected Software: 2