Lucene search
+L

22114 matches found

NVD
NVD
added 2026/01/23 5:16 a.m.16 views

CVE-2025-15522

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...

6.4CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/23 4:34 a.m.34 views

CVE-2025-15522 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...

6.4CVSS0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/01/23 4:34 a.m.27 views

CVE-2025-15522

CVE-2025-15522 : Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) via the shortcode automator_discord_user_mapping in all versions up to 6.10.0.2. The issue arises from insufficient input saniti...

6.4CVSS5.8AI score0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/23 4:34 a.m.5 views

CVE-2025-15522 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...

6.4CVSS5.8AI score0.00259EPSS
Exploits0References4
HackRead
HackRead
added 2026/01/15 8:52 p.m.8 views

New PayPal Scam Sends Verified Invoices With Fake Support Numbers

Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the "Alexzander" invoice bypasses Google filters...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/01/09 3:19 p.m.13 views

X Didn’t Fix Grok's ‘Undressing’ Problem. It Just Makes People Pay for It

X is allowing only “verified” users to create images with Grok. Experts say it represents the “monetization of abuse”—and anyone can still generate images on Grok’s app and website...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.11 views

CVE-2025-67825

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

5.5CVSS6.6AI score0.00085EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 6:15 p.m.7 views

CVE-2025-67825

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

5.5CVSS0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 12:0 a.m.3 views

CVE-2025-67825

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

6.2AI score0.00085EPSS
Exploits0References2
CVE
CVE
added 2026/01/08 12:0 a.m.31 views

CVE-2025-67825

CVE-2025-67825 affects Nitro PDF Pro for Windows prior to 14.42.0.34. The issue arises when signer information is taken from a non-verified PDF field instead of the verified certificate subject, allowing a document to display inconsistent signer details. The root cause is tied to the display logi...

5.5CVSS6.2AI score0.00085EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.11 views

PT-2026-1885

Name of the Vulnerable Software and Affected Versions Nitro PDF Pro versions prior to 14.42.0.34 Description The software can display signer information from a non-verified PDF field instead of the verified certificate subject, potentially presenting inconsistent signer details. The display logic...

9.8CVSS6.4AI score0.00085EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/08 12:0 a.m.26 views

CVE-2025-67825

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

0.00085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.9 views

CVE-2019-16753

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...

7.5CVSS6.8AI score0.00744EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/24 7:40 a.m.9 views

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...

5.4CVSS5.8AI score0.00281EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/12/23 3:35 p.m.6 views

CVE-2025-61740

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

7.2CVSS6.8AI score0.00123EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/12/15 11:55 a.m.20 views

A Browser Extension Risk Guide After the ShadyPanda Campaign

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them r...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.7 views

CVE-2025-12374

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generate...

9.8CVSS5.9AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 10:33 p.m.6 views

CVE-2025-66559

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3CVSS6.6AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 7:16 a.m.14 views

CVE-2025-12374

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generate...

9.8CVSS0.0045EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/05 6:7 a.m.36 views

CVE-2025-12374 Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generate...

9.8CVSS0.0045EPSS
Exploits0References3
Rows per page
Query Builder