14 matches found
EUVD-2025-30671
Malicious code in bioql PyPI...
CVE-2025-57961 WordPress CoDesigner plugin <= 4.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through = 4.29...
CVE-2025-57961 WordPress CoDesigner plugin <= 4.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through = 4.29...
CVE-2025-57961
CVE-2025-57961 affects CoDesigner (CoDesigner – All in One Elementor WooCommerce Builder) with Missing Authorization. According to connected Wordfence data, the vulnerability applies to CoDesigner versions up to 4.26 and is currently unpatched. The Initial Description lists the CVE as a Missing A...
Linux Distros Unpatched Vulnerability : CVE-2025-54799
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library an...
SUSE CVE-2025-54799
Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...
CVE-2025-54799
Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...
UBUNTU-CVE-2025-54799
Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the lack of HTTPS enforcement for the ACME client. An attacker can intercept sensitive information by capturing unencrypted network traffic if the library user accidentally inputs a...
CVE-2025-54799 Lego does not enforce HTTPS
Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...
CVE-2025-54799
Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...
CVE-2024-52588 Strapi allows Server-Side Request Forgery in Webhook function
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery SSRF. This issue has been patched in version 4.25.2...
CVE-2024-52588
Summary (CVE-2024-52588): Strapi CMS prior to 4.25.2 is vulnerable to SSRF via the Webhooks URL field, where entering a local domain can cause the server to fetch itself. Affected component is the Webhooks URL handling; root cause is improper validation/handling of internal destinations. Impact i...
CVE-2024-52588 Strapi allows Server-Side Request Forgery in Webhook function
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery SSRF. This issue has been patched in version 4.25.2...