
16 matches found

NVD
added yesterday, 3 views

CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

CVSS 9.8
Exploits: 0, References: 5

Positive Technologies
added yesterday, 7 views

PT-2026-46208

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set t...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 6

Vulnrichment
added 2026/02/19 4:36 a.m., 3 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

CVSS 8.8, AI score 5.7, EPSS 0.0006
Exploits: 0, References: 4

Vulnrichment
added 2026/01/27 6:18 p.m., 2 views

CVE-2026-22262 Suricata datasets: stack overflow when saving a set

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

CVSS 5.9, AI score 6.1, EPSS 0.00119
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-31269

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6, EPSS 0.01855
Exploits: 0, References: 2

Vulnrichment
added 2025/09/11 7:25 a.m., 1 view

CVE-2025-9617 Publish approval <= 1.1 - Cross-Site Request Forgery

The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publish_save_option function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS 5.3, AI score 4.9, EPSS 0.00031
Exploits: 0, References: 2

CVE
added 2025/09/11 7:25 a.m., 13 views

CVE-2025-9617

CVE-2025-9617: The WordPress Publish approval plugin is affected by Cross-Site Request Forgery in all versions up to 1.1 due to missing/incorrect nonce validation in publish_save_option. This permits unauthenticated attackers to alter plugin settings via forged requests if a site admin is tricked...

CVSS 5.3, AI score 4.9, EPSS 0.00031
Exploits: 0, References: 2

Cvelist
added 2025/09/11 7:25 a.m., 4 views

CVE-2025-9617 Publish approval <= 1.1 - Cross-Site Request Forgery

The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publish_save_option function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVSS 5.3, EPSS 0.00031
Exploits: 0, References: 2

Positive Technologies
added 2025/09/11 12:00 a.m., 2 views

PT-2025-37144

The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publish_save_option function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS 5.3, AI score 5.2, EPSS 0.00031
Exploits: 0, References: 3

NVD
added 2025/06/10 8:15 p.m., 20 views

CVE-2024-41503

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function...

CVSS 6.1, EPSS 0.00181
Exploits: 1, References: 2

OSV
added 2025/06/10 8:15 p.m., 1 view

CVE-2024-41503

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function...

CVSS 6.1, AI score 5.8, EPSS 0.00181
Exploits: 1, References: 2

CNNVD
added 2024/11/21 12:00 a.m., 1 view

WordPress plugin WIP Incoming Lite cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 6.1, AI score 8.3, EPSS 0.00206
Exploits: 0, References: 1

OSV
added 2023/05/23 2:15 a.m., 0 views

CVE-2023-27507

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

CVSS 9.8, AI score 6.7
Exploits: 0, References: 2

OSV
added 2013/11/23 6:55 p.m., 1 view

DEBIAN-CVE-2012-0787

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using th...

CVSS 3.7, AI score 6.4, EPSS 0.00118
Exploits: 1, References: 1

Prion
added 2013/11/23 6:55 p.m., 18 views

Information disclosure

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using th...

CVSS 3.7, AI score 6.3, EPSS 0.00118
Exploits: 1, References: 5, Affected Software: 2

Kitploit
added 2013/07/04 1:53 a.m., 11 views

[Chrome Password Decryptor v4.6] Recover all stored passwords from Google Chrome

Chrome Password Decryptor is the FREE tool to instantly recover all stored passwords from Google Chrome browser. It automatically detects the default Chrome profile path for the current user and displays all the stored login passwords in clear text after decrypting them. It also shows all the...

AI score 6.9
Exploits: 0