24 matches found

CNNVD
added 2026/05/07 12:0 a.m. | 6 views

WordPress plugin Happy Addons for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 1

CNNVD
added 2026/04/29 12:0 a.m. | 4 views

WordPress Plugin BetterDocs security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 1

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

terriajs-server code issue vulnerability

terriajs-server is a NodeJS Express server developed by Terria. Versions of terriajs-server prior to 4.0.3 contained code vulnerabilities due to validation errors, which could allow unauthorized domains to be accessed through the proxy...

CVSS 8.7 | AI score 5.9 | EPSS 0.00241
Exploits: 0 | References: 2

CNNVD
added 2026/02/11 12:0 a.m. | 4 views

Vadi Corporate Information Systems DigiKent security vulnerability

Vadi Corporate Information Systems DigiKent is an internet platform operated by Vadi Corporate Information Systems in Turkey. Vadi Corporate Information Systems DigiKent versions prior to 13092025 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of sensitive...

CVSS 8.2 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 1

CNNVD
added 2026/01/22 12:0 a.m. | 6 views

WordPress plugin Nexter Blocks has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

CVSS 4.3 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:32 p.m. | 6 views

CVE-2023-31492

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users...

CVSS 6.5 | AI score 6.7 | EPSS 0.05312
Exploits: 4 | References: 1

Snyk
added 2025/12/04 4:55 p.m. | 2 views

Protection Mechanism Failure

Overview: @anthropic-ai/sandbox-runtime is an Anthropic Sandbox Runtime (ASRT) - A general-purpose tool for wrapping security boundaries around arbitrary processes. Affected versions of this package are vulnerable to Protection Mechanism Failure due to improper enforcement of network sandboxing in th...

CVSS 1.9 | AI score 7 | EPSS 0.00136
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-26878

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.3 | EPSS 0.00773
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25235

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00599
Exploits: 1 | References: 3

RedhatCVE
added 2025/08/21 12:26 a.m. | 18 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

CVSS 5.3 | AI score 7.1 | EPSS 0.00356
Exploits: 0 | References: 1

NVD
added 2025/08/19 7:15 p.m. | 5 views

CVE-2025-55303

Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...

CVSS 6.9 | EPSS 0.00599
Exploits: 1 | References: 2

CVE
added 2025/08/19 6:8 p.m. | 18 views

CVE-2025-55303

Astro before 5.13.2 and 4.16.18 has an information disclosure vulnerability in the on-demand rendering image optimization endpoint (_image) that can bypass third-party domain restrictions using protocol-relative URLs (e.g., /_image?href=//example.com/image.png). This allows serving images from un...

CVSS 6.9 | AI score 7 | EPSS 0.00599
In wild | Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/08/19 3:15 p.m. | 11 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

CVSS 5.3 | EPSS 0.00356
Exploits: 0 | References: 2

CVE
added 2025/08/19 12:0 a.m. | 22 views

CVE-2025-50579

CVE-2025-50579 affects Nginx Proxy Manager v2.12.3, where a CORS misconfiguration allows unauthorized domains to access sensitive data (JWT tokens) due to improper Origin header validation. Attack possible via a simple browser script to exfiltrate tokens to a remote server, potentially enabling u...

CVSS 5.3 | AI score 7 | EPSS 0.00356
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/08/19 12:0 a.m. | 21 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

EPSS 0.00356
Exploits: 0 | References: 2

CNNVD
added 2025/04/10 12:0 a.m. | 2 views

WordPress plugin Ai Image Alt Text Generator for WP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 1

Veracode
added 2025/03/27 6:16 a.m. | 3 views

Origin Validation Error

Prefect is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to unauthorized domains being allowed to access sensitive data, leading to potential data leaks, loss of confidentiality, service disruption, and data integrity risks...

CVSS 7.6 | AI score 6.9 | EPSS 0.00168
Exploits: 0 | References: 7 | Affected Software: 1

Positive Technologies
added 2025/03/20 12:0 a.m. | 9 views

PT-2025-12222

Name of the Vulnerable Software and Affected Versions: prefecthq/prefect version 2.20.2. Description: A CORS (Cross-Origin Resource Sharing) misconfiguration allows unauthorized domains to access sensitive data, potentially leading to unauthorized access to the database. This can result in data leaks,...

CVSS 7.6 | AI score 7.2 | EPSS 0.00168
Exploits: 0 | References: 11

Veracode
added 2024/05/20 8:11 a.m. | 8 views

Cookie Leakage

amphp/artax is vulnerable to Cookie Leakage. The vulnerability is due to cookies being leaked to unauthorized domains, which allows an attacker to manipulate cookies in such a way where cookies of foo.bar.example.com were leaked to foo.bar...

AI score 6.9
Exploits: 0

NVD
added 2023/08/17 11:15 p.m. | 13 views

CVE-2023-31492

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users...

CVSS 6.5 | AI score 6.4 | EPSS 0.05312
Exploits: 4 | References: 3