25 matches found
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2021-28848
Mintty before 3.4.5 allows remote servers to cause a denial of service Windows GUI hang by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon...
EUVD-2025-204651
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...
EUVD-2021-15502
Malware in sbrugna...
EUVD-2018-8861
Malware in sbrugna...
EUVD-2021-19055
Malware in sbrugna...
EUVD-2021-20201
Malware in sbrugna...
EUVD-2024-28997
Malicious code in bioql PyPI...
CVE-2024-6458
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcptpresetsduplicatepresettotable function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with...
CVE-2023-3509
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...
CVE-2024-6824
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
WordPress plugin WooCommerce Product Table Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
Mobatek MobaXterm < 21.0 (CVE-2021-28847)
The version of Mobatek MobaXterm installed on the remote host is prior to 21.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-28847 advisory. - MobaXterm before 21.0 allows remote servers to cause a denial of service Windows GUI hang via tab title change requests tha...
PT-2023-26889 · Unknown · Dangerzone
Name of the Vulnerable Software and Affected Versions: Dangerzone versions prior to 0.4.2 Description: The issue affects the Dangerzone CLI, where output from the container is logged to the user's terminal. If the container is compromised, an attacker may spoof messages in the terminal or change...
CVE-2021-36850
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
CVE-2021-32198
EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service Windows GUI hang by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon...
MobaXterm resource management error vulnerability
Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and a Unix command set GNU/Cygwin. MobaXterm prior to 21.0 suffers from a security vulnerability that allows a remote server to cause a denial of service Windows GUI...
Reddit: [dubmash] Lack of authorization checks - Update Sound Titles
Summary: During the security testing, it has been observed that the UpdateSound api is vulnerable to IDOR. It allows an attacker to edit the victim's sound track titles. This vulnerability can be exploited using the sound track's uuid in the vulnerable request. This id is publicly known. Steps To...
Cross site request forgery (csrf)
e107 2.1.9 allows CSRF via e107admin/wmessage.php?mode=&action=inline&ajaxused=1&id= for changing the title of an arbitrary page...
CVE-2018-17081
e107 2.1.9 allows CSRF via e107admin/wmessage.php?mode=&action=inline&ajaxused=1&id= for changing the title of an arbitrary page...