461 matches found
CVE-2025-63221
CVE-2025-63221 (Axel Technology puma devices) affects firmware versions 0.8.5–1.0.3. The vulnerability is due to broken access control from missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. An unauthenticated remote attacker can enumerate user accounts, create new administrative users...
EUVD-2025-197935
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12961
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12961 Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12372 The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update
The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...
EUVD-2025-197943
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...
CVE-2025-12827
CVE-2025-12827 (Top Friends) : The WordPress Top Friends plugin is vulnerable to Cross-Site Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...
WordPress plugin WP Duplicate Page 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
MAL-2025-60158 Malicious code in conscious_salamander_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bf9a986880b0e84182e97794f72f1799cb308f941c11580b4d13a1b37ee67d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-27919
An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...
CVE-2025-12636 Ubia Ubox
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...
CVE-2025-12636
The CVE-2025-12636 affects Ubia/NVR Ubia camera ecosystem (notably Ubia Ubox). Root cause: insufficient protection of API credentials, enabling an attacker to connect to backend services. Impact (per sources): unauthorized access to cameras, allowing viewing live feeds and potential modification ...
CVE-2025-12413
The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the smWpCfSwOptions function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-12415
The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...
CVE-2025-12456 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting
The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...
EUVD-2025-35907
The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2025-11887 Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
EUVD-2025-33840
The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibesignup, accessibelogin, accessibelicensetrial, accessibemodifyconfig,...
EUVD-2017-7755
Malware in sbrugna...
EUVD-2019-6738
Malware in sbrugna...