CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
PT-2026-4317
Name of the Vulnerable Software and Affected Versions: FOG versions 1.5.10.1754 and below. Description: FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated Server-Side Request Forgery (SSRF) condition in the...
Kentico Xperience Security Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an access control bypass vulnerability that can be exploited by an attacker to cause an account takeover...
CVE-2025-13000
CVE-2025-13000 concerns the WordPress plugin “db-access” up to version 0.8.7, where an insufficient authorization check in an AJAX action permits any authenticated user (including subscribers) to perform SQL injection. Supported details from connected sources confirm the root cause as missing aut...
Casdoor 2.95.0 Cross Site Request Forgery
Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF) Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...
EUVD-2025-16165
Malicious code in bioql PyPI...
EUVD-2022-1393
Malicious code in bioql PyPI...
EUVD-2024-2481
Malicious code in bioql PyPI...
GHSA-93C7-7XQW-W357 Pingora has a Request Smuggling Vulnerability
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in...
CVE-2024-43379
TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, t...
CVE-2025-4366
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
CVE-2025-40595
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...
PHPJabbers Cinema Booking System 2.0 Cross Site Request Forgery
PHPJabbers Cinema Booking System version 2.0 suffers from a cross site request forgery vulnerability. CVE-2024-57429: A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking a...
Wavlink AC3000 login.cgi set_lang_CountryCode() Persistent XSS vulnerability
Talos Vulnerability Report TALOS-2024-2017 Wavlink AC3000 login.cgi set_lang_CountryCode() Persistent XSS vulnerability, January 14, 2025. CVE Number: CVE-2024-39363. SUMMARY: A cross-site scripting (XSS) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000...
Server-Side Request Forgery (SSRF)
TruffleHog is vulnerable to unauthorized request execution. The vulnerability is due to insufficient validation of the data being scanned by TruffleHog's detectors, which allows maliciously crafted data to trigger unauthorized requests to attacker-chosen endpoints...
CVE-2024-43379 TruffleHog has a Blind SSRF in some Detectors
TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, t...
CVE-2024-43379
CVE-2024-43379 concerns TruffleHog, a secrets-scanning tool. According to the connected documents, the issue is a Blind SSRF vulnerability in some detectors prior to version 3.81.9. The attack requires an attacker-crafted input that, when scanned, could cause an unauthenticated GET endpoint that...