CVE-2025-62978 WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-62978 WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-62978

CVE-2025-62978 is a Missing Authorization / Broken Access Control vulnerability affecting KiotViet Sync for WordPress (≤ 1.8.5). The advisory notes insufficient access control configuration; CVSS v3.1 base score 4.3 (Medium) with network attack vector and low privileges required. The Red Hat/NVD ...

Linux Distros Unpatched Vulnerability : CVE-2025-39982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcievent: Fix UAF in hciaclcreateconnsync This fixes the following UFA in hciaclcreateconnsync where a connection still pending is command submission...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27052)

Vulnerability in Linux kernel: wifi: rtl8xxxu: add cancelworksync for c2hcmdwork The workqueue might still be running, when the driver is stopped. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

WordPress plugin KiotViet Sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

PT-2025-43850

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

EUVD-2025-35919

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

CVE-2025-11976

CVE-2025-11976 concerns FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) for WordPress. According to connected sources, the vulnerability is a Cross-Site Forgery (CSRF) due to missing or incorrect nonce validation in the save_cha...

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

PT-2025-43723

Name of the Vulnerable Software and Affected Versions FuseWP – WordPress User Sync to Email List & Marketing Automation plugin versions prior to 1.1.23.0 Description The FuseWP plugin for WordPress is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate nonce...

WordPress Captivate Sync plugin deserialization vulnerability

WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...

CVE-2025-60221

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through = 3.0.3...

Kentico Xperience < 13.0.173 Auth Bypass

According to its self-reported version number, the version of Kentico Xperience on the remote Windows host is prior to 13.0.173. It is, therefore, affected by an authentication bypass vulnerability via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication...

Kentico Xperience < 13.0.178 Multiple Vulnerabilities

According to its self-reported version number, the version of Kentico Xperience on the remote Windows host is prior to 13.0.178. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync...

EUVD-2022-55670

In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new numconfigregs property in regmapaddirqchipfwnode Commit faa87ce9196d "regmap-irq: Introduce config registers for irq types" added the numconfigregs, then commit 9edd4f5aee84 "regmap-irq: Deprecate type...

CVE-2025-60221

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through = 3.0.3...

CVE-2025-60221 WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through = 3.0.3...