158 matches found
GHSA-P4HH-MQ57-GQ8X Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components...
EUVD-2025-209004
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components...
Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components...
CVE-2025-70887
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components...
PT-2026-28087
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components...
CVE-2025-70887
The CVE-2025-70887 entry concerns the Signify project by ralphje, vulnerable in versions before v.0.9.2. The issue affects the signed_data.py and context.py components, enabling a remote attacker to escalate privileges. Public details in connected documents confirm the vulnerable component/files ...
EUVD-2025-201377
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
WordPress plugin WP-SOS-Donate Donation Sidebar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-49219
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
WordPress Advanced Custom Fields: Extended plugin 0.9.0.5-0.9.1.1 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by Marcin Dudek (dudekmar) - CERT.PL in WordPress Plugin Advanced Custom Fields: Extended versions 0.9.0.5-0.9.1.1...
100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to dudekmar who...
CVE-2025-11778
CVE-2025-11778 affects Circutor SGE-PLC1000/SGE-PLC50 (v0.9.2). The issue is a stack-based buffer overflow in the TACACSPLUS implementation, specifically in the read_packet() function, enabling remote memory corruption. Multiple connected sources corroborate the vulnerability in the same software...
CVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
EUVD-2025-36657
Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...
CVE-2025-64141
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64141
CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...
CVE-2025-64141
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
PT-2025-44290
Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Nexus Task Runner Plugin. This allows attackers to connect to a URL specified by the attacker, using...
Jenkins Nexus Task Runner Plugin security vulnerability
Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...
EUVD-2006-1778
Malware in sbrugna...