5 matches found
EUVD-2025-199958
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box...
CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box...
GHSA-FPVW-6M5V-HQFP Capsule Proxy Authentication bypass using an empty token
The privilege escalation is based on a missing check of whether the user is authenticated based on the TokenReview result. All the clusters running with the anonymous-auth Kubernetes API Server setting disabled (set to false) are affected since it would be possible to bypass the token review mechanism,...
CVE-2023-41237
CVE-2023-41237 stems from an unauthenticated, reflected Cross-Site Scripting (XSS) in the WordPress theme Everest Themes’ Arya Multipurpose Pro, versioned ≤ 1.0.8. Public writeups consistently describe it as an unauthenticated XSS issue, with the impact limited to data integrity and user interact...