
6840 matches found

Patchstack
added 2026/02/10 11:16 p.m. | 6 views

WordPress MMA Call Tracking plugin <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MMA Call Tracking versions <= 2.3.15...

CVSS 4.3 | AI score 5.5 | EPSS 0.0016
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/02/10 3:16 p.m. | 4 views

CVE-2025-7347

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosu...

CVSS 8.8 | EPSS 0.00265
Exploits: 0 | References: 2

Cvelist
added 2026/02/10 2:08 p.m. | 28 views

CVE-2025-7347 IDOR in Dinibh Puzzle's Dinibh Patrol Tracking System

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosu...

CVSS 8.8 | EPSS 0.00265
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/10 2:08 p.m. | 3 views

CVE-2025-7347

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosu...

CVSS 8.8 | AI score 5.4 | EPSS 0.00265
Exploits: 0 | References: 3

CVE
added 2026/02/10 2:08 p.m. | 12 views

CVE-2025-7347

CVE-2025-7347 concerns an Authorization Bypass Through User-Controlled Key in Dinibh Puzzle Software Solutions’ Dinibh Patrol Tracking System. The connected CVE record identifies an IDOR-style issue that enables exploitation of trusted identifiers, affecting the Dinibh Patrol Tracking System up t...

CVSS 8.8 | AI score 5.2 | EPSS 0.00265
Exploits: 0 | References: 2

CNNVD
added 2026/02/10 12:00 a.m. | 4 views

Dinibh Patrol Tracking System security vulnerability

Dinibh Patrol Tracking System is an inspection management platform developed by the Turkish company Dinibh. The versions of Dinibh Patrol Tracking System 10022026 and earlier contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user control keys,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00265
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/10 12:00 a.m. | 5 views

PT-2026-7265

Name of the Vulnerable Software and Affected Versions Dinibh Patrol Tracking System versions through 10022026 Description An authorization bypass exists due to a user-controlled key issue in Dinibh Patrol Tracking System. This allows exploitation of trusted identifiers. The vendor was contacted...

CVSS 8.8 | AI score 5.4 | EPSS 0.00265
Exploits: 0 | References: 5

Malwarebytes
added 2026/02/09 8:01 a.m. | 6 views

A week in security (February 2 – February 8)

Last week on Malwarebytes Labs: Apple Pay phish uses fake support calls to steal payment details Open the wrong "PDF" and attackers gain remote access to your PC Flock cameras shared license plate data without permission Grok continues producing sexualized images after promised fixes Firefox is...

AI score 5.7
Exploits: 0

CNNVD
added 2026/02/09 12:00 a.m. | 4 views

LangSmith Client SDKs code issue vulnerability

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.6.3 and 0.4.6 contained code vulnerabilities. These vulnerabilities stemmed from the distributed tracking feature not verifying HTTP headers, which could lead to server-side reque...

CVSS 5.8 | AI score 7.4 | EPSS 0.00282
Exploits: 0 | References: 1

Packet Storm
added 2026/02/09 12:00 a.m. | 161 views

📄 Roundcube Webmail SVG Tracking

Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. Roundcube Webmail , , and , but not on . Its href went through the wrong code path and got allowed through. Attackers could track email opens even when...

CVSS 4.3 | AI score 5.6 | EPSS 0.00629
Exploits: 2

RedhatCVE
added 2026/02/08 1:21 a.m. | 4 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 1

Packet Storm News
added 2026/02/07 12:00 a.m. | 6 views

AirCatch: Effectively Tracing Advanced Tag-Based Trackers

Tag-based tracking ecosystems help users locate lost items, but can be leveraged for unwanted tracking and stalking. Existing protocol-driven defenses and prior academic solutions largely assume stable identifiers or predictable beaconing. However, identifier-based defenses fundamentally break do...

AI score 5.6
Exploits: 0

NVD
added 2026/02/06 10:16 p.m. | 4 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | EPSS 0.00241
Exploits: 0 | References: 3

EUVD
added 2026/02/06 10:10 p.m. | 4 views

EUVD-2026-5557

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/06 10:10 p.m. | 3 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/06 10:10 p.m. | 2 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 3

CVE
added 2026/02/06 10:10 p.m. | 9 views

CVE-2026-25764

OpenProject suffers a stored HTML injection in the time-tracking workflow prior to 16.6.7 and 17.0.3. The HTML is not escaped in the work package name, allowing an attacker with administrator privileges to inject HTML into the name when creating time-tracking entries, potentially affecting the Wo...

CVSS 3.5 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/06 10:10 p.m. | 25 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | EPSS 0.00241
Exploits: 0 | References: 3

OSV
added 2026/02/06 10:10 p.m. | 3 views

CVE-2026-25764 OpenProject vulnerable to Stored HTML injection

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

CVSS 3.5 | AI score 5.4 | EPSS 0.00241
Exploits: 0 | References: 5

CNNVD
added 2026/02/06 12:00 a.m. | 5 views

OpenProject security vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.7 and 17.0.3 had security vulnerabilities. These vulnerabilities stemmed from HTML injection in the time tracking feature, which could lead to cross-site scripting attacks...

CVSS 3.5 | AI score 5.6 | EPSS 0.00241
Exploits: 0 | References: 4