134 matches found
CVE-2025-13134
The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the 'authorsure' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...
EUVD-2025-34371
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally...
CVE-2025-59250
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
Windows Taskbar Live Preview Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack...
PT-2025-42157
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An issue involving uncontrolled resource consumption exists in Windows Remote Procedure Call. This can allow an unauthorized attacker to cause a denial of service over a network...
EUVD-2025-25495
Malicious code in bioql PyPI...
EUVD-2025-27552
Malicious code in bioql PyPI...
CVE-2025-56551
DirectAdmin Evolution Skin (v1.680) is affected. A crafted GET request can cause the page layout to be modified and replace the legitimate login interface with attacker-controlled content. Root cause is unspecified in the documents beyond content manipulation; exploitation status is not detailed....
PT-2025-38063
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based for Android affected versions not specified Description: The software contains a flaw due to insufficient user interface warnings regarding dangerous operations. This allows an unauthorized attacker to perform...
CVE-2025-55367
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...
CVE-2025-25006
CVE-2025-25006 affects Microsoft Exchange Server. The connected MSKB/ advisories confirm a spoofing vulnerability arising from improper handling of an additional special element, exploitable over the network with no privileges or user interaction required. Microsoft released fixes: KB5063224 (Exc...
PT-2025-32770 · Microsoft · Edge For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: A user interface UI misrepresentation of critical information in Microsoft Edge for Android can allow an unauthorized attacker to perform spoofing over a network...
Microsoft SharePoint Server Spoofing Vulnerability
SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A spoofing vulnerability exists in...
CVE-2025-53771
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-33068
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network...
DHCP Server Service Denial of Service Vulnerability
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network...
CVE-2024-9378
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2023-50767
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...
CVE-2021-20864
Improper access control vulnerability in ELECOM routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior,...
GHSA-227R-W5J2-6243 InvokeAI Arbitrary File Deletion vulnerability
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...