
14 matches found

RedhatCVE
added 2025/10/25 8:29 a.m. · 5 views

CVE-2025-10740

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...

CVSS 6.3 · AI score 5.1 · EPSS 0.00048
Exploits 0 · References 1
EUVD
added 2025/10/24 8:23 a.m. · 1 views

EUVD-2025-35820

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...

CVSS 6.3 · AI score 4.6 · EPSS 0.00048
Exploits 0 · References 4
Cvelist
added 2025/10/24 8:23 a.m. · 7 views

CVE-2025-10740 URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...

CVSS 6.3 · EPSS 0.00048
Exploits 0 · References 3
CNNVD
added 2024/09/12 12:0 a.m. · 1 views

whatsapp-api-js data forgery vulnerability

whatsapp-api-js is a TypeScript server-agnostic official API framework for Whatsapp by Tomás Raiti Personal Developer. A data forgery issue vulnerability exists in versions of whatsapp-api-js prior to 4.0.3, which stems from incorrectly returning false for a valid signature when using the...

CVSS 5.8 · AI score 6.4 · EPSS 0.00909
Exploits 0 · References 4
Positive Technologies
added 2024/09/12 12:0 a.m. · 3 views

PT-2024-31706 · Unknown · Whatsapp-Api-Js

Name of the Vulnerable Software and Affected Versions: whatsapp-api-js versions prior to 4.0.3
Description: The issue concerns Incorrect Access Control in the whatsapp-api-js framework, impacting anyone using the post or verifyRequestSignature methods to handle messages. It is possible to check t...

CVSS 5.8 · AI score 7.2 · EPSS 0.00909
Exploits 0 · References 11
OSV
added 2024/09/01 11:15 a.m. · 2 views

CVE-2024-5053

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

CVSS 4.3 · AI score 5.8 · EPSS 0.00092
Exploits 0 · References 4
OSV
added 2023/02/13 4:0 p.m. · 6 views

GO-2023-1534 Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Unmarshalling a Hello Verify request can panic, which could allow a denial of service...

AI score 7.1
Exploits 0 · References 1
Veracode
added 2023/02/10 11:25 a.m. · 13 views

Denial Of Service (DoS)

github.com/pion/dtls is vulnerable to Denial of Service (DoS). The vulnerability exists in the Unmarshal function, which tries to unmarshal into a buffer that is too small via a Hello Verify request message, which allows an attacker to cause an application crash...

AI score 4.7
Exploits 0
Github Security Blog
added 2023/02/07 6:36 p.m. · 12 views

Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Impact: During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. This could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround: None, upgrade to 2.2.4...

AI score 6.7
Exploits 0 · References 4 · Affected Software 2
OSV
added 2023/02/07 6:36 p.m. · 16 views

GHSA-4XGV-J62Q-H3RJ Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Impact: During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. This could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround: None, upgrade to 2.2.4...

CVSS 5.9 · AI score 7
Exploits 0 · References 4
OSV
added 2023/02/07 6:24 p.m. · 12 views

GHSA-HXP2-XQF3-V83H Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Impact: When attempting to unmarshal a Server Hello request we could attempt to unmarshal into a buffer that was too small. This could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround: None...

CVSS 5.9 · AI score 7.2
Exploits 0 · References 4
OSV
added 2022/07/30 12:0 a.m. · 3 views

GHSA-QQ3J-44GW-CF6R Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch

In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other pee...

CVSS 7.5 · AI score 7.1 · EPSS 0.00204
Exploits 1 · References 6
ATTACKERKB
added 2022/07/29 2:15 p.m. · 2 views

CVE-2022-2576

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...

CVSS 7.5 · AI score 7.1 · EPSS 0.00204
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2003/12/31 12:0 a.m. · 4 views

PT-2003-1462 · Apache +1 · Apache Httpd +1

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Apache httpd 2.0
Description: The issue allows attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods. This is because PHP treats unknown methods, such as...

CVSS 7.5 · AI score 7.2 · EPSS 0.00633
Exploits 0 · References 6