
12 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-10400

Malicious code in bioql PyPI...

CVSS: 8 | AI score: 6.6 | EPSS: 0.00258
Exploits: 0 | References: 1
OSV
added 2025/05/29 1:9 a.m. | 0 views

MINI-9FR2-MQJM-5V6R

Bulletin has no description...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00163
Exploits: 0
RedhatCVE
added 2025/04/10 5:20 p.m. | 8 views

CVE-2025-32018

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS: 8 | AI score: 6.9 | EPSS: 0.00258
Exploits: 0 | References: 1
CVE
added 2025/04/08 3:49 p.m. | 68 views

CVE-2025-32018

Cursor is an AI code editor. Versions 0.45.0–0.48.6 contain a regression that broadens the Cursor Agent’s file-modification permissions, allowing, under deliberate prompting (user or crafted context), automatic writes to files outside the opened workspace. The vulnerability can manifest when the ag...

CVSS: 8 | AI score: 7.1 | EPSS: 0.00258
Exploits: 0 | References: 1
CNNVD
added 2025/01/25 12:0 a.m. | 1 views

WordPress plugin Youzify security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS: 4.3 | AI score: 8.3 | EPSS: 0.00209
Exploits: 0 | References: 3
Positive Technologies
added 2025/01/25 12:0 a.m. | 2 views

PT-2025-1752 · WordPress · Youzify – Buddypress Community

Name of the Vulnerable Software and Affected Versions: The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress versions up to, and including, 1.3.2 Description: The issue is related to unauthorized loss of data due to a missing capability check on the...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00209
Exploits: 0 | References: 8
NVD
added 2024/11/22 8:15 p.m. | 21 views

CVE-2024-53253

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVSS: 5.3 | EPSS: 0.00278
Exploits: 0 | References: 3
Vulnrichment
added 2024/10/04 11:53 p.m. | 15 views

CVE-2024-47848 User can review/unreview articles while blocked

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVSS: 6.9 | AI score: 6.9 | EPSS: 0.00532
Exploits: 0 | References: 3
Cvelist
added 2024/10/04 11:53 p.m. | 15 views

CVE-2024-47848 User can review/unreview articles while blocked

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVSS: 6.9 | EPSS: 0.00532
Exploits: 0 | References: 3
GithubExploit
added 2023/08/12 9:51 p.m. | 356 views

Exploit for Missing Authentication for Critical Function in Properfraction Profilepress

CVE-2021-34621 - WordPress Privilege Escalation A critical vu...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.93479
Exploits: 8
OSV
added 2023/02/28 5:15 p.m. | 9 views

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

CVSS: 6.1 | AI score: 7
Exploits: 0 | References: 1
Hacker One
added 2015/07/03 8:54 p.m. | 32 views

Udemy: Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set too.

Authenticated user can register for some course paid or free. After registering and taking couple of lectures "Rate course" functional becomes active. Malicious user can fill the rating form and submit it. By intercepting request to the server's API by using intercepting proxy tool and modify...

AI score: 6.8
Exploits: 0