Lucene search
K

579 matches found

EUVD
EUVD
added 2026/02/03 11:33 a.m.5 views

EUVD-2025-206765

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS5.4AI score0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 11:33 a.m.3 views

CVE-2025-11598 Exposure of Confidential Information in mObywatel application

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS5.4AI score0.00151EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/03 11:33 a.m.3 views

CVE-2025-11598

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS5.4AI score0.00151EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 11:33 a.m.29 views

CVE-2025-11598 Exposure of Confidential Information in mObywatel application

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 11:33 a.m.13 views

CVE-2025-11598

The CVE-2025-11598 entry describes a vulnerability in the mObywatel iOS app where an unauthorized user can use the App Switcher to view the account owner’s personal information in the minimized app window after the login session has ended. The data exposed depends on the last application view sho...

1CVSS5.4AI score0.00151EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Ministerstwo Cyfryzacji mObywatel 安全漏洞

Ministerstwo Cyfryzacji mObywatel is a national digital identity and government services application developed by the Polish Ministry of Digital Affairs. Versions of Ministerstwo Cyfryzacji mObywatel prior to version 4.71.0 contained a security vulnerability. This vulnerability allowed unauthoriz...

1CVSS5.8AI score0.00151EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5872

Name of the Vulnerable Software and Affected Versions mObywatel versions prior to 4.71.0 Description An unauthorized user can view an account owner's personal information in the minimized application window using the App Switcher, even after the login session has ended. Reopening the application...

1CVSS5.4AI score0.00151EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/02 8:47 a.m.5 views

WordPress Elegant Addons for elementor plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability discovered by stealthcopter in WordPress Plugin Elegant Addons for elementor versions = 1.0.8...

6.4CVSS5.3AI score0.00321EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.6 views

CVE-2019-18668

An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This...

6.5CVSS6.7AI score0.01813EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.7 views

CVE-2023-49834

Cross-Site Request Forgery CSRF vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4...

8.8CVSS8.5AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.6 views

CVE-2025-23939

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KHAN-IT Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through = 1.1...

6.5CVSS7.2AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.6 views

CVE-2025-23619

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through = 2.0...

7.1CVSS5.9AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 7:26 a.m.6 views

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS5.7AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 7:15 a.m.5 views

CVE-2025-12524

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS0.00255EPSS
Exploits0References6
CVE
CVE
added 2025/11/18 6:43 a.m.16 views

CVE-2025-12524

CVE-2025-12524 refers to the WordPress plugin Post Type Switcher (versions up to and including 4.0.0). The issue is an Insecure Direct Object Reference due to missing validation on a user-controlled key, allowing authenticated attackers with Author-level access or higher to modify the post type o...

5.4CVSS5.3AI score0.00255EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/11/18 6:43 a.m.5 views

CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS5.3AI score0.00255EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/18 6:43 a.m.4 views

EUVD-2025-197957

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS5.2AI score0.00255EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/18 6:43 a.m.9 views

CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change

The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...

5.4CVSS0.00255EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.3 views

WordPress plugin Post Type Switcher 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS6.6AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47243

Name of the Vulnerable Software and Affected Versions Post Type Switcher plugin for WordPress versions up to and including 4.0.0 Description The software contains an Insecure Direct Object Reference issue because of missing validation on a user-controlled key. Authenticated attackers with...

5.4CVSS6.1AI score0.00255EPSS
Exploits0References9
Rows per page
Query Builder