CVE-2025-10583

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...

CVE-2025-10583 WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...

CVE-2025-10583 WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...

PT-2025-50897

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get server time ajax request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests t...

'Use server time zone' setting not getting applied through Studio policy

PVS Target Device - Use server time zone policy is not getting applied on server 2019 VDA. Citrix Policy "Use local time of client" is Configured. Value set to use time zone of user session server time zone. Registry key: HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services...

Belloo 安全特征问题漏洞

Belloo, a "high quality" dating software from Belloo, is vulnerable to an access control error that originates from the use of md5$time to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess t...

Chaturbate: Unrestricted POST request size on roomlogin endpoint

POST requests to endpoint /roomlogin/ are not limited in size. While the main website login endpoint correctly limits the size of request, this endpoint does not. This can be a mean to perform a DOS attack. Steps To Reproduce: 1. has a password-protected stream. 2. Send a large POST request to...

openSUSE Security Update : znc (openSUSE-2018-819)

This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

Security update for znc (moderate)

This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

memcached-info NSE Script

Retrieves information including system architecture, process ID, and server time from distributed memory object caching system memcached. Example Usage nmap -p 11211 --script memcached-info Script Output 11211/udp open unknown | memcached-info: | Process ID: 18568 | Uptime: 6950 seconds | Server...

Debian DSA-019-1 : squid - insecure tempfile handling

WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten. However the code would only be executed if running a very bleeding edge release ...