84 matches found
CVE-2026-45327
TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the issue by requiring either HTTP Basic auth or a ?password= query parameter, comparing the supplied...
CVE-2026-33507
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting...
CVE-2026-27977
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...
CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...
The vulnerability of the FreeScout support service management system lies in the lack of measures to protect the website structure. This allows attackers to disclose confidential information and carry out CSRF attacks.
The vulnerability of the FreeScout support service management system lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to disclose confidential information and carry out a CSRF attack using a specially created website...
The vulnerability of the cookie-consent management module on Drupal COOKiES websites stems from the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the cookie-consent management module on Drupal COOKiES websites is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 26, 2025 to June 1, 2025)
In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 65 vulnerabilities disclosed in 60 WordPress Plugin...
Beware! A threat actor could steal the titles of your private (and draft) WordPress posts with this new vulnerability!
As of today, almost a billion sites have been built using WordPress, powering businesses and organizations of all sizes. That makes any newly discovered vulnerability especially concerning—like the one recently found and reported by Imperva researchers, which could affect any WordPress site. In...
6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin
📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability in the download.php script (/phpoffice/phpspreadsheet/samples/download.php) of the PhpSpreadsheet library allows attackers to perform cross-site scripting attacks.
The vulnerability of the download.php /phpoffice/phpspreadsheet/samples/download.php PHP library in the PhpSpreadsheet library is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting...
The vulnerability of the web client VPN microprogramming system for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the VPN web client microprogramming software for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...
The vulnerability of the Power Monitoring Expert, Power Operation, and Power SCADA Operation software allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Power Monitoring Expert, Power Operation, and Power SCADA Operation software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks from a remote location...
The vulnerability in the web interface of the Cisco Secure Firewall Management Center software for network administration allows a perpetrator to execute cross-site scripting attacks.
The vulnerability in the web interface of the Cisco Secure Firewall Management Center formerly known as Cisco Firepower Management Center is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow attackers to execute cross-site scripting...
The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing mechanism is related to the disclosure of information through registration files, which allows attackers to enhance their privileges.
The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the role of a “Securit...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to execute arbitrary code.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to...
The vulnerability of the GLPI system’s handling of requests and incidents stems from the lack of measures taken to protect the website structure. This allows attackers to carry out cross-site scripting attacks.
The vulnerability in the GLPI request and incident handling system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...