Microsoft starts force upgrading Windows 11 22H2, 23H2 devices
Using Behavioral Insights to Counter LLM-Enabled Hacking
Lazarus Group Targets Developers in New Data Theft Campaign
Misconfiguration exposes over Assist Security data
New Star Blizzard attacks set sights on WhatsApp accounts
Additional US sanctions issued to clamp down on North Korean IT worker scam
Trojanized images leveraged in separate malware campaigns
How to calculate your AI-powered cybersecurity's ROI
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
How Russian hackers went after NGOs' WhatsApp accounts
ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
FTC orders GoDaddy to fix poor web hosting security practices
Star Blizzard Targets WhatsApp in New Campaign
Everything I know about cybersecurity, I learned from video games
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
1touch.io’s SaaS offering delivers enterprise-grade security
Researchers Warn of NTLMv1 Bypass in Active Directory Policy
DORA Takes Effect: Financial Firms Navigating Compliance Headwinds
Bitwarden unveils native mobile applications for iOS and Android
Dynatrace reduces time-consuming compliance configuration checks associated with DORA
Russia-linked APT Star Blizzard targets WhatsApp accounts
Balancing usability and security in the fight against identity-based attacks
EU takes decisive action on healthcare cybersecurity
Homeowners are clueless about how smart devices collect their data
MSSqlPwner: Open-source tool for pentesting MSSQL servers
New infosec products of the week: January 17, 2025
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Russian APT Phishes Kazakh Gov't for Strategic Intel
Woe Daddy: FTC raps hosting giant GoDaddy for security lapses
GDPR complaints filed against TikTok, Temu for sending user data to China
183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report
Karl Triebes Joins Ivanti as Chief Product Officer
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
Microsoft expands testing of Windows 11 admin protection feature
4.2 million internet hosts hijacked via bugs in tunneling protocols
Prominent US law firm Wolf Haldenstein disclosed a data breach
SEALSQ in Cooperation With WISeKey Expands Post-Quantum Footprint in Saudi Arabia
CISA and US and International Partners Publish Guidance for OT Owners and Operators
Biden's Cyber EO Gives Trump a Blueprint for Defense
CISA's AI Playbook Pushes For More Information Sharing
FTC Orders GoDaddy to Fix Inadequate Security Practices
Find the helpers
Building a Virtual Security Home Lab: Part 10 - Splunk Setup & Configuration | by David Varghese | InfoSec Write-ups
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus | by Cybertech Maven | InfoSec Write-ups
Enhance Your Google Dorking Skills with ChatGPT | by Practical OSINT | InfoSec Write-ups
The 60-Second Phone Hack That's Draining Bank Accounts Worldwide | by John Edwin | InfoSec Write-ups
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
Gateshead Council Cyber-Attack Exposes Personal Data
US cracks down on North Korean IT worker army with more sanctions
HOW I HACKED NASA? | by Krishnadev P Melevila | InfoSec Write-ups
Leveraging LFI to RCE in a website with +20000 users | by kleiton0x7e | InfoSec Write-ups
REVEALED: Best Way to Recover Lost or Deleted Data from Smartphones | by InfoSec Write-ups | Jan, 2025 | InfoSec Write-ups
[WRITE-UP] Irremovable comments on the FB Lite app (Bounty: 500 USD) | by Shubham Bhamare | InfoSec Write-ups
You Need to Get on Hack the Box Academy | by grepStrength | InfoSec Write-ups
Reconnaissance and Vulnerability Scanning Script | by Piyush Kumawat (securitycipher) | InfoSec Write-ups
Gootloader inside out
The current state of ransomware: Weaponizing disclosure rules and more
Grinding Gear Games Apologizes for Path of Exile 2 Data Breach
New Star Blizzard spear-phishing campaign targets WhatsApp accounts
Wolf Haldenstein law firm says 3.5 million impacted by data breach
FTC sues GoDaddy for years of poor hosting security practices
Biden signs executive order to bolster national cybersecurity
Biden Tightens Software Supply Chain Security Requirements
Trump’s Truth Social Users Targeted by Rampant Scams Online
Middle Eastern Real Estate Fraud Grows with Online Listings
Kicking Off 2025: Findings on U.S. Department of Energy | by Guru Prasad Pattanaik || TH3N00BH4CK3R | Jan, 2025 | Cyber Security Write-ups
How I Passed the 48-Hour eJPT Exam in Less Than 5 Hours | by Hasanka Amarasinghe | Jan, 2025 | Medium
Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches
MFA Failures - The Worst is Yet to Come
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
CISA Releases the Cybersecurity Performance Goals Adoption Report
Strategic Approaches to TDIR
Grupo Bimbo Ventures Announces Investment in NanoLock Security
K2 Secures Navy SeaPort Next Generation Contract
CrowdStrike Achieves FedRAMP Authorization for New Modules
Risk, Reputational Scoring Services Enjoy Mixed Success
DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses
Sophos ZTNA Updates
Pall Mall Process faces criticism over impact on commercial hacking tools
Security researcher discovers critical vulnerability in Facebook ad platform
Accelerated BlackBasta-like email attack examined
Transaction simulation spoofing attack targets cryptocurrency wallets
Malware spread by stealthy new MikroTik botnet
Critical SimpleHelp vulnerabilities fixed, update your server instances!
Zero Trust Security, Why It's Essential In Today's Threat Landscape
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
Concentric AI helps organizations gain a complete understanding of their data
GoDaddy Accused of Serious Security Failings by FTC
New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls
New Lazarus Group attack campaign sets sights on freelance software developers
Easterly: US federal networks initially targeted by Salt Typhoon
MikroTik botnet relies on DNS misconfiguration to spread malware
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
Contrast Security AVM identifies application and API vulnerabilities in production
Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
Trusted Apps Sneak a Bug Into UEFI Boot Process
Scammers Exploit California Wildfires, Posing as Fire Relief Services
How Can AP Automation Enhance Data Protection
EU To Launch Support Centre by 2026 to Boost Healthcare Cybersecurity
Hackers Use Image-Based Malware and GenAI to Evade Email Security
Cisco AI Defense safeguards against the misuse of AI tools
Entrust PKI Hub streamlines PKI, certificate lifecycle management, and automation
Red Hat Connectivity Link enhances security across multiple layers of application infrastructure
Regula updates Document Reader SDK with full support for Digital Travel Credentials
Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
HarvestIQ.ai provides actionable insights for cybersecurity professionals
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
How CISOs can elevate cybersecurity in boardroom discussions
Critical vulnerabilities remain unresolved due to prioritization gaps
A humble proposal: The InfoSec CIA triad should be expanded
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks
Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices
Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws
SAP fixes critical vulnerabilities in NetWeaver application servers
Attackers Hijack Google Advertiser Accounts to Spread Malware
Boards Stepping Up, as CISOs Build Stronger Bonds with Legal and Safeguard Leadership – BSW #378
Four take guilty pleas in US government IT bribery scam
MikroTik botnet uses misconfigured SPF DNS records to spread malware
CISA shares guidance for Microsoft expanded logging capabilities
PowerSchool Data Breach Exposes Social Security Numbers of 60 Million Students and Teachers - Security Spotlight
Telefonica Breach Exposes 20,000 Employees' Data and Jira Details: Hellcat Ransomware's Infostealer Malware at Play - Security Spotlight
WazirX Hack: North Korea's Lazarus Blamed for WazirX's $235 Million Cryptocurrency Theft - Security Spotlight
West Haven Cyberattack Culprit, Qilin Ransomware Group
Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes
Hackers use Google Search ads to steal Google Ads accounts
Label giant Avery says website hacked to steal credit cards
North Korea's IT worker scam linked to 2016 crowdfunding operation
Microsoft ends support for Office apps on Windows 10 in October
Over 660,000 Rsync servers exposed to code execution attacks
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
Extension Poisoning Campaign Highlights Gaps in Browser Security
North Korea's Lazarus Evolves Developer-Recruitment Attacks
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
Exploring Python’s Best Libraries for Ethical Hacking | by Abhishek pawar | Jan, 2025 | InfoSec Write-ups
Exploiting IDOR in a Support Portal Chatbot | by Supun Halangoda (Suppa) | Jan, 2025 | Medium
Improper Authentication in a famous Trading website | by Anonymousshetty | Jan, 2025 | Medium
Why I Chose a Cybersecurity Masters in Science Degree Over the CISSP Certification | by David S Mosher | Dec, 2024 | InfoSec Write-ups
Windows BitLocker bug triggers warnings on devices with TPMs
OWASP's New LLM Top 10 Shows Emerging AI Threats
North Korean crypto heist toll exceeded $659M in 2024
Pro-Ukraine hackers target major Russian state procurement platform
Seed funding raises $36M for Orchid Security
Thousands of WordPress sites impacted by WP3.XYZ malware campaign
Huione emerges as largest illegal online marketplace
U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Aembit Announces Speaker Lineup for the Inaugural NHIcon
Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%
Rsync vulnerabilities allow remote code execution on servers, patch quickly!
Slew of WavLink vulnerabilities
Multi-Cloud Adoption Surges Amid Rising Security Concerns
How Role-Based Identity Management Can Protect Against AD- And Entra I
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
Illicit Crypto-Inflows Set to Top $51bn in a Year
Advanced Microsoft 365-targeted brute-force attacks enabled by FastHTTP
Widespread PlugX malware compromise eradicated in law enforcement operation
Codefinger ransomware gang uses compromised AWS keys to encrypt S3 buckets
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
FBI removed PlugX malware from U.S. computers
1Password's Trelica Buy Part of Broader Shadow IT Play
Secureworks Exposes North Korean Links to Fraudulent Crowdfunding
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
CVE-2024-44243 macOS flaw allows persistent malware installation
The High-Stakes Disconnect For ICS/OT Security
Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP
FBI deletes Chinese PlugX malware from thousands of US computers
Microsoft Patches Eight Zero-Days to Start the Year
Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers
How Much Does It Cost To Host A Website?
Wultra Secures €3M to Protect Financial Institutions from Quantum Threats
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
Contextal Platform: Open-source threat detection and intelligence
Cybersecurity is stepping into a new era of complexity
Using cognitive diversity for stronger, smarter cyber defense
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
159-CVE January Patch Tuesday smashes single-month record
As Tensions Mount With China, Taiwan Sees Surge in Attacks
Microsoft fixes 159 bugs in first Patch Tuesday of 2025
Microsoft shares insights from red teaming 100 GenAI products
Microsoft Rings in 2025 With Record Security Update
Smishing, Beyond Trust, CryptoReligion, Aviatrix, Azure, Josh Marpet, and more… – SWN #442
FBI deleted China-linked PlugX malware from +4,200 US computers
January Windows updates may fail if Citrix SRA is installed
Apple Bug Allows Security Bypass Without Physical Access
Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities
Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Leader in 2024 Gartner Magic Quadrant for DCG and Archiving
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
Allstate car insurer sued for tracking drivers without permission
FBI Wraps Up Eradication of Chinese 'PlugX' Malware
Manitou Springs School District 14 Joins District 49 in PowerSchool Data Breach - Security Spotlight
Blockchain in cybersecurity: opportunities and challenges
US govt says North Korea stole over $659 million in crypto last year
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
Windows 10 KB5049981 update released with new BYOVD blocklist
Windows 11 KB5050009 & KB5050021 cumulative updates released
Zero-Day Bug Fueling Fortinet Firewall Attacks
New bug lets attackers bypass macOS system integrity protection
This is How I Turned an Informative Bug into a Valid $500 Bug | by Shubham Bhamare | Jan, 2025 | Medium
Getting Started with Bug Bounty Hunting in 2025: A Real World Guide | by hackbynight | Jan, 2025 | Medium
Cybersecurity 2025: The Year of the Human | by Helen Patton | Dec, 2024 | Medium
When did random code execution become a feature? | by Steve Jones | Jan, 2025 | Medium
CVE-2024-49113 “LDAP Nightmare”: First PoC Exploit of 2025 Targets Critical Windows Vulnerability 🚨 | Medium
Sowing Discord: Weaponizing Discord’s CDN and Webhooks | by grepStrength | Jan, 2025 | Medium
Russia-linked APT UAC-0063 targets Kazakhstan with HATVIBE malware
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Gravy Analytics Data Breach Exposes Location Data: iOS 14.5 and App Tracking Transparency Offer Some Protection - Security Spotlight
Cyberattacks on Italian Banks: DDoS Attacks Hit Financial Institutions and Public Services
Slovakian land registry cyberattack
Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
FBI wipes Chinese PlugX malware from over 4,000 US computers
Google OAuth flaw lets attackers gain access to abandoned accounts
New AI Rule Aims to Prevent Misuse of US Technology
I Changed Someone’s Profile Picture… And They Had No Idea!! | by Krishnadev P Melevila | Jan, 2025 | Medium
PyPI’s Quarantine, Phishing & Awareness, Porting Fishshell to Rust, Cyber Trust Mark – ASW #313
How to build an offensive AI security agent
Wolf Haldenstein Data Breach Exposed 3.5 Million Americans
How to Prepare for a Post Quantum World and Why | Cyber Security Tribe
Finding SSRFs in Azure DevOps
Bypassing disk encryption on systems with automatic TPM2 unlock | oddlama's blog
Russian hackers target WhatsApp in new tactic, Microsoft warns
Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch | Claroty
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL
CVE-2025-0282 | AttackerKB
How to Create Vulnerable-Looking Endpoints to Detect and Mislead Attackers
Shielder - Karmada Security Audit
PowerSchool breach worse than thought, company says "all" student and teacher data accessed | TechRadar
Simone Margaritelli on LinkedIn: 121 days ago I reported something to Apple, no fixes and no follow ups…
University of Oklahoma Ransomware Attack Disrupts IT
UK mulls ransomware payment ban for public services
Millions of hotel users see personal info checked out in huge data leak | TechRadar
Kevin Beaumont: "GitHub repo with the FortiGate config dump IPs. I…" - Cyberplace
Biden administration launches cybersecurity executive order
Case Study ⸺ Tracing Command Chains through Time and Location
Policy Engine Showdown - OPA vs. OpenFGA vs. Cedar
A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More | WIRED
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
US government set to launch its Cyber Trust Mark cybersecurity labeling program for internet-connected devices in 2025 | TechCrunch
GitHub - SecurityInnovation/glibc_heap_exploitation_training: The resources for glibc Malloc heap exploitation course by Maxwell Dulin and Security Innovation.
China Hackers Broke Into 400-Plus Treasury PCs, Report Says
Solving Phishing Attacks with the SLAM Method: A Comprehensive Guide | The DefendOps Diaries
Essential BBOT Commands for Recon
Proxy Alice: Predictive Messages For Concealed Communication | by Sebastian Carlos | Jan, 2025 | Medium
Ransomware attacks on education declined in 2024, report shows | StateScoop
How to Transform IAM from Cost Center to Revenue Driver
Posts | Blue Pill Security
Bolstering the cybersecurity of the healthcare sector - European Commission
How to Implement Role-Based Access Control (RBAC) in Laravel
Here’s how hucksters are manipulating Google to promote shady Chrome extensions
DOJ deletes China-linked PlugX malware off more than 4,200 US computers | The Record from Recorded Future News
PSIRT | FortiGuard Labs
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11 - hn security
GitHub - Tier1Security/Watchtower-Agent
Don’t Use Session (Signal Fork) - Dhole Moments
2024 CVEs in Review – Vulnerability Blog
Aurora Public Schools Internet, Phone Outage
‘Codefinger’ hackers encrypting Amazon cloud storage buckets | The Record from Recorded Future News
Microsoft fixes exploited Hyper-V privilege escalation flaws • The Register
oss-security - RSYNC: 6 vulnerabilities
Courk's Blog – Laser Fault Injection on a Budget: RP2350 Edition
Security Update Guide - Microsoft Security Response Center
Policy as Code | From Infrastructure to Fine-Grained Authorization
West Haven hit by Qilin ransomware attack
Profile Image Intel - OSINT Tool for Social Media Pictures
Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.
spring-security-jwt
Developed to store the refreshToken in Redis using SecurityServer
lab 12
Ansible playbook that fully automates the deployment of a LAMP stack on AWS EC2, including dynamic security group configuration and optimised instance setup through user data scripting.
A Python-based security solution:
App developed to monitor and follow up the security related task for the company
Proof of concept project to prove that I could print barcodes and useful tickets directly to a printer at a static IP address, bypassing the print preview window.
this-is-not-hacking
This repository documents the process of configuring and managing an Active Directory environment, integrating tools such as PowerShell, Splunk, Sysmon, and ServiceNow to demonstrate advanced system administration and security monitoring capabilities.
POC (Proof of Concept) of an airport radar developed with React, TypeScript, and Pixi.js. This project is a technical demonstration of Pixi.js's capabilities when integrated into React to simulate a radar display.
This approach is to integrate security into the development and operations pipeline. The goal is to shift security left, ensuring that security practices are embedded throughout the software development lifecycle (SDLC), rather than as an afterthought dur
Proof of concept for iMessage reactions UI using private API
hacking-opencv
MintWords: MintWords is a powerful tool that allows users to create personalized and effective wordlists. It allows users to create custom wordlists that fit their needs, especially for use in cybersecurity, password testing, and security testing.
Free Proxy DB offers a collection of 1000+ free proxies (HTTP, SOCKS4, SOCKS5, V2Ray, SSR, SS, MTProto) and essential tools like Proxy Checker, Port Checker, IP Checker, and Web Crawler. Perfect for developers and privacy-conscious users looking to improv
This portfolio project demonstrates the analysis of a DDoS attack incident using the NIST Cybersecurity Framework (CSF). The analysis includes a detailed incident report and strategic recommendations for improving network security.
Advanced encrypted email system with post-quantum security, built on Yggdrasil and integrated into KYARN for secure project management.
Spring-Security
This bash script performs a security audit on a MySQL server by checking for various common vulnerabilities and misconfigurations.
Firebase Realtime Database Security Rules Unexpectedly Deny Writes to Deeply Nested Objects
Proof of Concept of a MUI implementation of the new WCA site refresh
MACHIAVELLIAN-OS Debian/GNU Linux is a custom-built version of the Debian Linux distribution, specifically tailored for cybersecurity tools and services, ethical hackers, and privacy/network enthusiasts.
security-rss-chatbot
Software-Security-Lab
Proof of Concept (PoC) for a backend component of a "Booking Data Ingestion System."
This app is a proof of concept (POC). It's functional but cannot be used as-is, as it has major flaws in terms of the architecture used. However, you can still use it to play around with sockets.
Proof-of-concept and framework for pervasive computing
A collection of small proof of concept shaders
MemLabs six labs is an educational, basic set of CTF-styled challenges designed to inspire students, security researchers, and CTF gamers to explore the field of Memory Forensics.
Proof of Concept for Clean Architecture for Data Engineering Project
Mod Menu Hack for the chrome dino game.
Vital Hacks Website
Security_Cw2
Ready-to-use Fortnite Cheat Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, le
Proof-of-Concept for dragging/dropping files directly from Outlook (Desktop)
This repository provides a Proof of Concept (PoC) for database testing using Robot Framework, Python, and Docker. It demonstrates how to integrate Robot Framework with MySQL databases to validate data consistency and handle errors efficiently.
This is a utility made in Python that allows users to generate passwords according to the internal policies configured in the utility; it can be customized according to the security specifications or regulations that must be complied with.
proof-of-concept server that pipes yt-dlp output into the http response
Proof-of-concept model and tools used for thesis.
COSC2539-Assignment-3-Assignment-Cyber-Security-Research-Paper
Just another proof of concept on LINQ
Project Name: Password Strength Checker. Description: This project is a simple, interactive password strength checker that provides users with real-time feedback on the security level of their passwords. The application includes a dynamic interface and
Spring-Security
An automated disease prediction tool combining web scraping, LLMs (Llama 3.2-1B), and an ID3 Decision Tree algorithm. This project provides an interactive GUI for symptom-based disease diagnosis and serves as a proof of concept for integrating AI into hea
As a proof of concept, the project is a Slack App to intercept messages sent to the user and deliver them in batches at the desired frequency or times.
Contains all the file for learning the Spring Security concepts.
Proof of Concept for building a CI/CD pipeline with Bamboo
Proof of concept for combining SmartPass and Vericatch data to calculate CPUE for Indonesia's Blue Swimming Crab fishery
This site is made for programming and white hat hacking (cybersecurity)
Walk-throughs for various methods to disrupt ESP32Marauder evil portals.
IoT-Communication-Channel-Security
IoT-Communication-Security
A GUI based program for making customised crypto stealing malware written in python
Spring-Security_REST-Controllers
This is my solution to all three assignments of the course: Cryptography and Network Security held by NTU CSIE in 2023 Spring.
MicroCPQ is meant to be a proof of concept project to create a simple application with only HTML, CSS, and JavaScript within a single HTML file.
Abnormal-Security
Roblox Evade Script No Key Pastebin 2025 NEW OP GUI Keyless Undetected 100% Hack Cheat Exploit Byfron Bypass Supports all Executors Autofarm Admin Commands Free Download Free Gamepass PC and Mobile support 100% UNC Redz FPS Booster
Cyber-Security-Projects
Course project repo for Advanced Software Quality and Security course
spring-security2
Lightweight app - proof of concept to integrate GoogleAdsAPI to fetch/create Campaigns, AdGroups & Ads
Hack for Humanity | 2025
The Library Management System is a secure web app with authentication and role-based access control (RBAC). Admins can manage books using CRUD operations, while users can view and borrow books. Designed for ease of use, it ensures efficient and secure li
A lightweight, framework-agnostic PHP library designed to enhance the security of your web applications. With easy-to-use tools for input sanitization, security headers, CSRF protection, encryption, and more, PhpSecureGuard helps developers secure their p
A Proof of Concept (PoC) for testing potential Denial of Service (DoS) vulnerabilities in servers using the LabyMod Server API.
A collection of small projects from the Systems and Services Security course.
Ready-to-use Fortnite Driver Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, l
Practical projects tailored for beginners to develop and refine fundamental cybersecurity skills through real-world security assessments.
Proof of concept for Solana wallet integration in Svelte, because virtually everything out there uses React.
Gandalf-AI-hacking
Roblox Phantom Forces Script No Key Pastebin 2025 NEW OP GUI Keyless Undetected 100% Hack Cheat Exploit Byfron Bypass Supports all Executors Autofarm Admin Commands Free Download Free Gamepass PC and Mobile support 100% UNC Redz FPS Booster
Public reports of FIS Security.
Self-Assessment-for-IT-Security
A collection of DuckyScript payloads targeting Linux systems.
A basic stock order matching engine to process buy and sell orders, matches them based on predefined rules, and maintains order books for different securities.
Cyber-Security
security_frontend
This repo contains an implementation of JWT in Spring Security
Proof of concept for CVE-2022-31814
main_name_proof_of_concept
Upgrade your communication with the best mobile VoIP phones and enhance the efficiency of your support and sales team. Get a quick set-up on any device you already have and start smarter communication. Cost-effective Communication Unified Communication Fl
pa2-proof-of-concept
Proof of Concept - No-Code Website Builder
Stripe OAuth Proof of Concept
Hack-n-slash hero action! Use your commander to fight your way through multiplayer battles, in your very own mighty military machine!
This repository contains a collection of cryptographic algorithms and security-related programs used in Computer Network Security (CNS) labs. It includes implementations in Java and C for algorithms like RSA, AES, Blowfish, and more.
test-speed-cyber-security
Planning-to-Complete-Security-for-My-RBAC_using_NextJs15-and-NodeJs-for-2025
PROOF of CONTENT (POC) studies and documentation specific to the applications found in the projects we work on
nilgiri_security
FiveM External cheat, offers various features like aimbot, triggerbot, exploits, and customizable settings, enhancing the gameplay experience. It includes a KeyAuth system for additional security and user management. The cheat is designed to be undetectab
poscodx-spring-security-practices
This Python tool is a powerful Facebook account verification tool used to check Facebook profiles and save checked accounts to .txt file.
Web-App-Security
Food_Security_EDA
Welcome to the Roblox Game Development Toolkit repository! This project is designed to help developers and enthusiasts explore advanced game mechanics, scripting techniques, and optimization strategies for Roblox games. This repository is strictly for edu
Proof of Concept (PoC) for a backend component of a "Booking Data Ingestion System."
spring-security-practices
Proof of Concept for Password Cracking with Rainbow Tables
Group project App where users can share a list of their favorite songs with their friends and family, resulting in a greatest songs of all time master list. Created proof of concept for a single user.
All Of My Gimkit Hacks
Proof of concept for postmark issue #128
Repository for a course I completed on building REST APIs with NestJS. The course covers key concepts such as using TypeORM for database management, implementing JWT authentication for security, and writing tests to ensure code reliability. A hands-on jou
SpringSecurityRefreshToken
Welcome to the ultimate Roblox Animal Simulator Script Hack 2025 repository! This GitHub repository provides a comprehensive collection of scripts and tools designed to enhance your gameplay experience in Roblox Animal Simulator. Whether you're looking to
Exercise for obtaining Hacker News stories through their public API.
This repository contains how to implement mlops in the cyber security domain
DC540 hacking challenge 0x00008 [UNKNOWN CTF].
Website Testing
Unlock Master Panel App
AWP is a Roblox executor with Luarmor support and 100% UNC compatibility, making it a solid choice for experienced users. With a Level 8 rating owned by Krampus, it remains a neutral option with strong features.
cyberSecurityNotes
Hacking around with CYD and BLE
test_security
Prodigi-CyberSecurity
SecurityTesting
LifeVault is a digital vault designed to securely manage and share essential documents and data using a decentralized and transparent approach. Built on Hive and IPFS, LifeVault allows users to upload, retrieve, and share files with security, privacy, and
A collection of Open-Source Intelligence resources.
For Beginner to Professional the one and only guide you will ever need for Cyber Security.
security-project-esp32-sensors-security
Contains the tasks done for Global Hack Week
ENCRYPT3X is a robust and user-friendly password manager designed with security and simplicity in mind. Built using modern technologies like React, Electron, and TypeScript, it provides a native desktop application experience while following the principle
Proof of concept alternative keyboard for the Steam Deck and Steam Controller.
cupidcr4wl is an open-source intelligence username search tool that crawls adult content platforms to see if a targeted account or person is present.
Text Encryption Web App: A simple tool that allows users to input text, choose an encryption algorithm (AES, RSA, DES), and view the simulated encrypted result. Built with HTML, CSS, and JavaScript, this project serves as an educational demo to understand
A microcontroller-based Smart Home System integrating a 4x4 keypad, ultrasonic sensor, KY-026 flame sensor, servo motor, LCD display, and fan control. Built for enhanced security, automation, and energy efficiency, this system demonstrates the capab
This is a Proof of Concept (POC) shopping assistant chatbot, powered by OpenAI
This Hack program demonstrates a stack overflow error due to a non-tail-recursive function.
I'm a 10-year-old boy who loves programming and hacking. Here is a collection of pseudoviruses.
NetHawk is your network security analysis tool with many features and alerts when network attacks occur with score report and attack path shown as IP.
This repository contains the source code for a digital store website, built using PHP and MySQL, with several security vulnerabilities
Subcollector is a powerful tool for passive and active subdomain enumeration, designed to help security researchers and penetration testers.
WebSecurityScanner
Lessons_Python-for-security-practitioners
SecurityTools_To_Airtable
Cyber Security Labs
NetworkSecurity
This is a task and/or project manager using microservices with spring boot, security, jwt and docker
Artificial Intelligence, PROOF of CONCEPT area. Completing MICROSOFT tutorial on GitHub Copilot SKILLS.
Proof of concept for Dev Ops project
A Social Networking Proof of Concept Website where users can create account, make friends, create posts and many more
Python_For_Ethical_Hacking
CI/CD usando scan actions para Container Security
SecurityCopilot
pizzas_spring_security
Kenna Security (Cisco Vulnerability Management)
Security
Proof of concept for a modernized Miller column view of files and folders.
🔒 Permix is a lightweight, framework-agnostic, type-safe permissions management library for JavaScript applications on the client and server sides.
R code set supporting ALS Early Proof of Concept (ePOC)
In this repository, the code of my solution for the AWS i-Hack AWS Financial Security Hackathon 2025 has been deployed.
Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorization
Some useful personal hacks for Debian/ubuntu based OS
rainbow-six-siege-hack rainbow-six-siege-esp rainbow-six-siege-cheat r6-cheat r6-hack r6s-cheat rainbow-six-cheat r6s-hack r6s-esp rainbow-six-siege-hack-free free-r6s-hack rainbow-six-hack-free r6s-hack-free rainbow-six-siege-hacks rainbow-six-siege-chea
S25_CSS_G0_GDP is a repository to teach students the contents of Computer Systems Security
fortnite AI Hack Cheat Triggerbot Noclip silent aimbot esp wallhack wh exploit godmode fly FlickBot Legit SemiRage softaim 2024 inventory skin changer swapper hwid spoofer changer free download macros norecoil speedhack undetected injector radar FPS Boost
EscapefromTarkov hacks hack cheat cheats aimbot ESP wallhack no-recoil no-spread triggerbot radar-hack silent-aim infinite-ammo speed-hack god-mode instant-respawn rapid-fire infinite-abilities cooldown-hack anti-flash anti-smoke player-ESP EFT
Demonstration of setting a Virtual Network on Azure with subnets and Network Security Groups
An Arduino based Proof-of-Concept for Potential ET Communication
The WinRAR Exploit Builder is a C# project designed to create an exploit targeting a vulnerability in WinRAR.
Apex Legends AI Hack Cheat Triggerbot Noclip silent aimbot esp wallhack wh exploit godmode fly FlickBot Legit SemiRage softaim 2024 inventory skin changer swapper hwid spoofer changer free macros norecoil speedhack undetected injector radar FPS Booster Un
An open-access book on software supply chain security
roblox cheat roblox-lua roblox-scripts roblox-script roblox-api-wrapperroblox-injector roblox-lua-script roblox-uwp injector-roblox roblox-injector-downloadinjector-roblox-download linjector roblox-executor-pc-2024 roblox-uwp-executor-2024 roblox-hack-new
This task evaluates your ability to create a basic user management system focusing on registration, login, and simple profile management. Your solution should demonstrate clean code, basic security practices, and an understanding of frontend-backend integ
Project for the Penetration Testing & Ethical Hacking course of prof. Arcangelo Castiglione, which analyzes the security of the VM Durian:1, available on vulnhub.
web security project, a simplified (test) payment webapp built with spring security & vite + react
cs2-cheat cheat-cs-go midnight-cs-2 cs-2-cheats fatality midnight counter-strike-2-aimbot-pc counter-strike-2-aimbot-script counter-strike-2-free-aimbot counter-strike-2-recoil-hack counter-strike-2-free-utility cs2-aimlock cs2-glow-hack cs2-weapon-hack c
Substorm is a powerful tool for passive and active subdomain enumeration, designed to help security researchers and bug bounty hunters discover subdomains efficiently.
Comprehensive guide and tools for protecting Ubuntu and Debian servers against Brute Force and DDoS attacks. This repository covers key techniques for server security, real-time monitoring, attack mitigation, and automated defense mechanisms.
Course Mandatory: Alternative Assessment (AAT)
CSC4600_Group8_Optimizing-Food-Security
Project for Hack For Good 2025 by Fang Yi, Xin Yi, Skyler
Playwright proxy authentication & scraping example for Smartproxy
AsyncRAT stands as a Remote Access Tool (RAT) conceived for the purpose of distant supervision and command over remote computers through an encrypted connection ensuring security.
Cyber security projects
Proof of Concept of Github Actions
Security script
Files-Inspector-Pro-4.20 is a powerful software tool designed to analyze and inspect various types of files for errors, inconsistencies, and potential security threats. With a user-friendly interface and robust scanning capabilities, it provides detailed
Secured Website with Jwt , Cookies
Bypass-Hwid-Spoofer is a tool designed to help users change their hardware identification to bypass certain security measures or restrictions in applications or games. This software can effectively mask or modify unique identifiers associated with a user'
Here, cyber security learning platforms will be listed.
Proof of concept for a multi-environment GitHub Pages setup driven by branches
Azure ADT web app proof of concept.
POC (proof of concept) for the Machine Learning course, for the smart parcel locker project
Learn & Develop Microservices with Java, Spring Boot, Spring Cloud, Docker, Kubernetes, Helm, Microservices Security
BADDADAN is a proof of concept which combines mechanistic modelling with machine learning to study the response of A. thaliana to stress
Cosmic-security
A mini project focusing on security in client and server relationship. Security concerns like end-to-end encryption, data encryption
JWT_Security_study
About A secure messaging platform built with React, designed for enterprise use with end-to-end encryption and strict security measures.
AISecLists - Your AI Red Teaming Arsenal. Discover a curated collection of prompt lists for diverse AI security assessments, including LLM jailbreaks, prompt injection, information disclosure, and more
Network-Isolation-and-Security-with-Namespaces
Ethical hacking utilities for testing Wi-Fi network security and monitoring.
Comprehensive exemplar of known skills and education which apply to cyber security professional positions
Team Incognito's entry for Hack For Good 2025
CSE194: Hacking History and Culture (Spring 2025) class site and documents
A group project from Hack Your Future Cohort 51. This is a quiz app about video games. Find out if you are a veteran gamer!
Secure Banking Application focuses on building an architecture that involves services from security to an AI agent for a better customer experience.
dscommerce-security
Aether is an open-source webcam security tool that automatically captures and encrypts photos during system access attempts. Operating entirely offline with local storage, it provides a simple yet powerful way to monitor and secure your system while maint
This stateless microservice manages user authentication and authorization, ensuring secure access to system endpoints. It uses JWT for authentication and Spring Security for authorization, with no need for server-side session storage. The service provides
FTP-configuration-and-security
Blockchain Solutions is a project dedicated to building innovative decentralized tools for blockchain integration. Features include Account Abstraction, smart contract templates, and decentralized identity management. Built with cutting-edge blockchain fr
ao-security
Project for the "Special Topics in Information Security" discipline.
proof-of-concept
This repository showcases my work on a security audit project for Botium Toys, a fictional toy company. As part of my learning in the Google Cybersecurity Certificate program, I conducted an internal audit to identify vulnerabilities, check for compliance
An eCommerce platform built with Symfony. The platform integrates user authentication, security measures, and a cart system to ensure a seamless shopping experience. It includes product listings, user account management, and order processing. This project follows
The DSecO project is a data model for representing and reasoning on Domain Name System (DNS) data. The ontology is developed using web technologies (e.g. RDF, OWL, SKOS) and is intended as a structure for realizing a DNS Knowledge Graph (KG) for administr
repository of me learning python to hack ethically
A Thick client app for linux, designed to be vulnerable. a.k.a. Linux-Damn-Vulnerable-Thick-Client or Linux-Thick-Client-GOAT
Case Study - Flight Search Api ((Java 21, Spring Boot, Mongodb, JUnit, Spring Security, JWT, Docker, AOP, Kubernetes, Prometheus, Grafana, Github Actions (CI/CD)))
MERN Stack Auth & Password Reset A MERN stack app featuring secure user authentication (signup, login, logout) with JWT, and an email-based password reset system. Built with MongoDB, Express, React, and Node, it follows best practices in security, valid
Runtimes for Senserva - early beta please contact us for assistance and information. These are runtimes only, source available upon request and approval by Senserva.
Senserva Inq.Uisitor is an easy way to monitor and manage the security of all the Azure EntraID tenants you manage. Works for IT and Security Teams out of the box. Advanced customizations also easily done.
bitpixie proof of concept
Explore the blueprint behind upgrading a healthcare office’s SOHO network to enterprise standards: Cisco hardware, fiber cabling, cloud security, segmentation, cybersecurity, & HIPAA-compliant protection.
Study SpringSecurity
Manipal Information Security Team Web Development Bootcamp Work
spring-bank-security
Global Hack Week by MLH is an event series designed to encourage skill development through structured challenges. This repository documents my journey and solutions for each coding challenge, focusing on problem-solving and algorithm development.
This mod adds industrial elements that combine industry, agriculture, and transportation, fantasy magic and fairy science systems, an incredible hack-and-slash RPG combat system, and a super-complex element centered on endless exploration. It provides an
springboot3.4.0 :: jdk21(lts) :: spring security :: JWT :: JPA :: TDD :: RestDocs
Presentation for BS7204: Network Security and Penetration Testing
OAuth2/OpenID authentication and authorization server.
Learn Docker fundamentals, build and deploy containerized applications, and explore advanced topics like security, networking, and CI/CD integration.
ai_security_project
Welcome to my portfolio showcasing **Cloud Computing (AWS)**, **Cybersecurity** and **Machine Learning** projects! The objective of these projects is to demonstrate my growing proficiency in these fields with hands-on, real-world applications.
Cyber_security
This is a Spring Boot Project using Spring_Boot and Spring_Security etc...
Cyber-Security-Epicode
cloud-security-homelab
Cybersecurity Project: Monoalphabetic Encoder, Decoder, Brute-Force and Frequency-Analysis Attacker, and Implementation of Security Protocols Using Quantum Computing
This repository is the main source for my IT-Security module in my Master's. It covers a presentation and a paper with a brief in-depth explanation of how fuzzers work. The paper also covers ideas and approaches to include machine learning into a fuzzer to m
A proof of concept for the MatriXSS application, built with Flask.
This is a Decentralized Personal Health Record System (DPHRS) built on Ethereum Blockchain .It aims to give patients more control, privacy, and security over their medical data by decentralizing the storage and access.
A proof-of-concept tool for linking Minecraft player accounts with Discord profiles using unique verification codes. Not intended for production use.
A proof of concept face search engine for Microsoft Hololens.
This is a fun proof of concept for a personal assistant using the OpenAI Realtime API.
💃 A type-safe, secure SQLite query builder with D1/Turso support with built-in migrations and security features.
A Proof of Concept for a Human Resources Management System built with Next.js for the frontend and Express.js for the backend.
Hacking-Scripts
A tool for generating optimised schedules for a team of private security guards, incorporating availability constraints, preferences and training. Based on Flask, OR-Tools and Vue.js, it offers an intuitive interface and results tailored to professional n
Proof of Concept for RIP-7755
This repository focuses on assessing mobile apps for security vulnerabilities. It covers key topics like data storage, cryptography, and injection attacks. Users will learn to identify threats, reverse-engineer apps, and apply countermeasures, gaining pra
Generic app starter with auth workflow, security protections, and containerized dev, test and production environments.
A binary authorization and monitoring system for macOS
[UPDATE] 🛜 WiFi-Grabber collects Wi-Fi SSIDs and passwords and sends the logs to a Discord channel via webhook and more.
App Passwords Web API and Integration for Dovecot
Zen protects your Java app against attacks with one line of code. Get peace of mind— at runtime.
Vallem Security Group's open source analysis and vulnerability scanner.
Hacking reports and supporting material for the LLM hacking study
Research and discoveries in Information Security and Cryptography. Currently a hobby with real-world aspirations, hoping to put this into practice soon.
A secure and user-friendly key management solution for the Push chain, enabling seamless multi-chain interactions with advanced security and privacy features.
HackSmithScripts is a public GitHub repository offering a variety of tools and scripts for hacking, pentesting, red teaming, and vulnerability scanning. Ideal for cybersecurity professionals, penetration testers, and ethical hackers.
List of InfoSec/Hacker Cons
ESP32 based, hacked together modular-synth like thing for possible educational use.
A repository containing the content used within the Contributor9 Tistory blog.
KeyMan is a password manager app built using Kotlin and Jetpack Compose, leveraging Room database for storage and AES encryption for maximum security.
proof of concept dating app using dotnet and angular
Executing GATK ValidateSamFile command using Gramine SGX proof of concept.
A multi-column reading experience for Hacker News
THE HACK
GameShield - An open-source solution to protect your Unity-based games. Anti-cheat, time-control, data encryption and memory protection and other security modules for your games.
The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.
MQTT client to report state of LifeSOS security system and devices
Notes for hack the box and other lab machines
AI FAQ Proof-of-Concept project: it provides a chatbot that replies to the questions on Hyperledger Ecosystem
Fortify GitHub Actions
A tool for deobfuscating JavaScript code protected by JSDefender to make it easier to analyse
GitHub Actions for security checks
Proof-of-concept exploit for the Solana transaction simulation bypass.
Software Supply Chain Security Platform
Dataset tools for acquiring and investigating hacker news
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address poten
Solidity, Defi, and blockchain security resources.
Debian ELTS Security Advisories in OSV Format. Unofficial - not affiliated with Freexian.
Automation
a pi-zero powered hacking tool, with badusb capabilities and hoaxshell payload generation and injection; the little sibling of the unfortunately dead p4wnp1-aloa
Drop-in proof-of-concept Astro app, fully integrated with your ButterCMS account
Simple client for interacting with the IKEA Dirigera hub (made as a proof-of-concept)
This is a simple Keylogger project designed to log keystrokes on a computer. It serves as an educational and awareness tool for understanding potential security risks related to keyloggers. Please use this responsibly and only on systems you own or have e
Proofs of Concept
This repository contains a simple geolocation API microservice, fast, reliable, Kubernetes-friendly and ready, written in Go as a proof of concept.
Drop-in proof-of-concept Angular app, fully integrated with your ButterCMS account
Drop-in proof-of-concept Nuxt.JS, fully integrated with your ButterCMS account
Organic set of software components that assists in implementing resilient distributed systems that excel in reconfigurability, monitorability, modularity, extensibility, and openness. It includes libraries of ready-to-use modules for Big Data data enginee
Security Auditor Utility for GraphQL APIs
My first freelance job back in 2021. This is a landing page developed in React following mobile-first principles. This project was created for a real client who wanted this landing page proof of concept (PoC) for their project.
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
Various Proof of Concept Materials/Shaders/PostPro
Beaver Hacks website
the only repository you've ever needed. supercharge your application today with this ultra performant library.
SOOS Security Analysis CI for GitHub Actions
A repository for my study activities
Secweb is a pack of security middlewares for FastAPI and Starlette servers; it includes CSP, HSTS, and many more.
This repository showcases demonstrations and scenarios using Microsoft Cloud technologies. Please note that these demos are intended as a guide and are based on my personal experiences.
HTML5 make qr code hacks
a collection about macOS
Best-practices security made usable.
A security focused static analysis tool for Android and Java applications.
Neovim configuration with some personal hacks.
CodeQL Security Queries
Creating a resource to help build and manage an Insider Threat program.
Advance phishing tool with custom URL tunneling hosted by LocalTunnel, Ngrok, Cloudflare
EMBA - The firmware security analyzer
security-filter-tools
Portability shim for OpenBSD's rpki-client
hacked together terragrunt hclfmt plugin
The HCS SXC (SDK eXtension Components) is a set of pre-built components that aim to provide additional functionality over and above the java SDK for HCS to make it easier and quicker to develop applications. This repository is only intended for demo purpo
Basic Atomic Swap Proof of Concept
Repository of various security and operational indicators collected while simulating the common adversary TTPs
🐣 Hacking with Swift Challenges and Tutorials
Visit https://la1r.com for more details on this project!
Hack the World using Termux
❄️ Firmware and simulator for Coldcard Hardware Wallet
NATflow hack kernel module
Pythonic WebAuthn 🐍
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build
UI for Security Video Playback
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Very Simple Proof of Concept Parser for Simple Arithmetic Expressions.
Autonomous Surveillance and Security Drone
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
Keeper Commander is a python-based CLI and SDK interface to the Keeper Security platform. Provides administrative controls, reporting, import/export and vault management.
Archive - Repository contains old publicly released presentations, tools, Proof of Concepts and other junk.
Application Security Verification Standard
Apache Syncope
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
SAFETAG is a curricula, a methodology, and a framework for security auditors working with advocacy groups.
sensible hacker defaults managed with chezmoi
Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
A p2p, secure file storage, social network and application protocol
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
CVE-2024-10497 -- CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an
CVE-2024-10799 -- The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above,
CVE-2024-11139 -- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that
CVE-2024-11146 -- TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version
CVE-2024-11425 -- CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the
CVE-2024-12142 -- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could
CVE-2024-12203 -- The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic
CVE-2024-12370 -- The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms
CVE-2024-12399 -- CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability
CVE-2024-12466 -- The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti
CVE-2024-12476 -- CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
CVE-2024-12508 -- The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on
CVE-2024-12598 -- The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible
CVE-2024-12637 -- The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user
CVE-2024-12703 -- CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity
CVE-2024-13333 -- The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subsc
CVE-2024-13366 -- The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att
CVE-2024-13367 -- The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level acce
CVE-2024-13377 -- The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate
CVE-2024-13378 -- The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for
CVE-2024-13386 -- The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat
CVE-2024-13398 -- The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supp
CVE-2024-13401 -- The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on us
CVE-2024-13434 -- The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for un
CVE-2024-13502 -- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.
CVE-2024-13503 -- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclu
CVE-2024-34579 -- Fuji Electric Alpha5 SMART
CVE-2024-51462 -- IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
CVE-2024-52363 -- IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2025-0527 -- A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to sql injection. T
CVE-2018-25108 -- An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
CVE-2021-35684 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2022-21306.
CVE-2021-35685 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2022-21371.
CVE-2022-21384 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2021-39275.
CVE-2023-22139 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is mistakenly published by the other party.
CVE-2023-4319 -- Rejected reason: This CVE ID is a reservation duplicate of CVE-2023-4677. Notes: All CVE users should reference CVE-2023-4677 instead of this CVE ID.
CVE-2024-10789 -- The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for un
CVE-2024-10970 -- The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly val
CVE-2024-11452 -- The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escap
CVE-2024-12226 -- In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2; however, it was determined that this could also be achieved in Version 1 a
CVE-2024-12427 -- The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attacke
CVE-2024-12613 -- The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient p
CVE-2024-12614 -- The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible
CVE-2024-12615 -- The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient pr
CVE-2024-13355 -- The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() function in all versions up to, and including, 13.2. This make
CVE-2024-13387 -- The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attribute
CVE-2024-36402 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to th
CVE-2024-36403 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of re
CVE-2024-37181 -- Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2024-40513 -- An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.
CVE-2024-40514 -- Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.
CVE-2024-41746 -- IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d
CVE-2024-45331 -- An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6
CVE-2024-46450 -- Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVE-2024-48460 -- An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via a malicious server: the client sends the SSH username and password even when host key verification fails.
CVE-2024-48885 -- An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 t
CVE-2024-50563 -- A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud ver
CVE-2024-50633 -- A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals.
CVE-2024-52594 -- Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advis
CVE-2024-52602 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fi
CVE-2024-52791 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing,
CVE-2024-53553 -- An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.
CVE-2024-54660 -- A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Dr
CVE-2024-55511 -- A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable.
CVE-2024-55954 -- OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarch
CVE-2024-56136 -- Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user c
CVE-2024-56515 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbn
CVE-2024-57159 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
CVE-2024-57160 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
CVE-2024-57161 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
CVE-2024-57162 -- Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.
CVE-2024-57575 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVE-2024-57577 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVE-2024-57578 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
CVE-2024-57579 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVE-2024-57580 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVE-2024-57581 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2024-57582 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVE-2024-57583 -- Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
CVE-2024-57611 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
CVE-2024-57676 -- An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
CVE-2024-57677 -- An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
CVE-2024-57678 -- An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.
CVE-2024-57679 -- An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.
CVE-2024-57680 -- An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.
CVE-2024-57681 -- An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the ALG service of the device via a crafted POST request.
CVE-2024-57682 -- An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
CVE-2024-57683 -- An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.
CVE-2024-57684 -- An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
CVE-2024-57703 -- Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.
CVE-2024-57704 -- Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow.
CVE-2024-57768 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVE-2024-57769 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVE-2024-57770 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVE-2024-57771 -- A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57772 -- A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57773 -- A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57774 -- A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57775 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVE-2024-57776 -- A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57784 -- An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to perform directory traversal.
CVE-2024-57785 -- Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.
CVE-2025-0170 -- The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possibl
CVE-2025-0455 -- The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-0456 -- The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords.
CVE-2025-0457 -- The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
CVE-2025-0471 -- Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file and gain remote access to the machine, with the ability to access, modify and execute commands freely.
CVE-2025-0472 -- Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.
CVE-2025-0473 -- Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoi
CVE-2025-0476 -- Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment
CVE-2025-0518 -- Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with the program file https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c .
CVE-2025-20072 -- Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile app via crafted malicious input.
CVE-2025-20621 -- Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating
CVE-2025-20630 -- Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile app to crash via creating and sending such a post to a channel.
CVE-2025-22904 -- RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
CVE-2025-22905 -- RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.
CVE-2025-22906 -- RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.
CVE-2025-22907 -- RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
CVE-2025-22912 -- RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
CVE-2025-22913 -- RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.
CVE-2025-22916 -- RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.
CVE-2025-23198 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions u
CVE-2025-23199 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When
CVE-2025-23200 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When
CVE-2025-23201 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious
CVE-2025-23423 -- Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SendGrid for WordPress: from n/a through 1.4.
CVE-2025-23424 -- Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny – Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery. This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0.
CVE-2025-23426 -- Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS. This issue affects go Social: from n/a through 1.0.
CVE-2025-23429 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altimawebsystems.com Altima Lookbook Free for WooCommerce allows Reflected XSS. This issue affects Altima Lookbook Free for WooCommerce: from n/a through
CVE-2025-23430 -- Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS. This issue affects Mass Custom Fields Manager: from n/a through 1.5.
CVE-2025-23432 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report allows Reflected XSS. This issue affects AlT Report: from n/a through 1.12.0.
CVE-2025-23434 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Albertolabs.com Easy EU Cookie law allows Stored XSS. This issue affects Easy EU Cookie law: from n/a through 1.3.3.1.
CVE-2025-23435 -- Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS. This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0.
CVE-2025-23436 -- Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS. This issue affects Wp-Scribd-List: from n/a through 1.2.
CVE-2025-23438 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarvinLabs WP PT-Viewer allows Reflected XSS. This issue affects WP PT-Viewer: from n/a through 2.0.2.
CVE-2025-23442 -- Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS. This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3.
CVE-2025-23444 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Scroll Top Advanced allows Stored XSS. This issue affects Scroll Top Advanced: from n/a through 2.5.
CVE-2025-23445 -- Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery. This issue affects Easy Tynt: from n/a through 0.2.5.1.
CVE-2025-23452 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce – eBook Sales with DRM allows Reflected XSS. This issue affects EditionGuard for WooCommerce – eBook Sa
CVE-2025-23453 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer allows Reflected XSS. This issue affects Stars SMTP Mailer: from n/a through 1.7.
CVE-2025-23455 -- Cross-Site Request Forgery (CSRF) vulnerability in mastersoftwaresolutions WP VTiger Synchronization allows Stored XSS. This issue affects WP VTiger Synchronization: from n/a through 1.1.1.
CVE-2025-23456 -- Cross-Site Request Forgery (CSRF) vulnerability in Somethinkodd.com Development Team EmailShroud allows Reflected XSS. This issue affects EmailShroud: from n/a through 2.2.1.
CVE-2025-23463 -- Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post allows Stored XSS. This issue affects MD Custom content after or before of post: from n/a through 1.0.
CVE-2025-23467 -- Cross-Site Request Forgery (CSRF) vulnerability in Vimal Ghorecha RSS News Scroller allows Stored XSS. This issue affects RSS News Scroller: from n/a through 2.0.0.
CVE-2025-23470 -- Cross-Site Request Forgery (CSRF) vulnerability in X Villamuera Visit Site Link enhanced allows Stored XSS. This issue affects Visit Site Link enhanced: from n/a through 1.0.
CVE-2025-23471 -- Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS. This issue affects ECT Add to Cart Button: from n/a through 1.4.
CVE-2025-23476 -- Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through 1.1.
CVE-2025-23483 -- Cross-Site Request Forgery (CSRF) vulnerability in Niklas Olsson Universal Analytics Injector allows Stored XSS. This issue affects Universal Analytics Injector: from n/a through 1.0.3.
CVE-2025-23497 -- Cross-Site Request Forgery (CSRF) vulnerability in Albdesign Simple Project Manager allows Stored XSS. This issue affects Simple Project Manager: from n/a through 1.2.2.
CVE-2025-23499 -- Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election allows Stored XSS. This issue affects Board Election: from n/a through 1.0.1.
CVE-2025-23501 -- Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA allows Stored XSS. This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through 1.0.1.
CVE-2025-23508 -- Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS. This issue affects Extra Options – Favicons: from n/a through 1.1.0.
CVE-2025-23510 -- Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS. This issue affects WordPress Logging Service: from n/a through 1.5.4.
CVE-2025-23511 -- Cross-Site Request Forgery (CSRF) vulnerability in Viktoria Rei Bauer WP-BlackCheck allows Stored XSS. This issue affects WP-BlackCheck: from n/a through 2.7.2.
CVE-2025-23513 -- Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS. This issue affects Bible Embed: from n/a through 0.0.4.
CVE-2025-23514 -- Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Loginplus: from n/a through 1.2.
CVE-2025-23528 -- Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation. This issue affects DD Roles: from n/a through 4.1.
CVE-2025-23530 -- Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Custom Post Type Lockdown allows Privilege Escalation. This issue affects Custom Post Type Lockdown: from n/a through 1.11.
CVE-2025-23532 -- Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget allows Privilege Escalation. This issue affects MyAnime Widget: from n/a through 1.0.
CVE-2025-23533 -- Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS. This issue affects WP Lyrics: from n/a through 0.4.1.
CVE-2025-23537 -- Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS. This issue affects add custom google tag manager: from n/a through 1.0.3.
CVE-2025-23547 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Login Page allows Reflected XSS. This issue affects LH Login Page: from n/a through 2.14.
CVE-2025-23557 -- Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps allows Stored XSS. This issue affects Find Your Reps: from n/a through 1.2.
CVE-2025-23558 -- Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS. This issue affects Geotagged Media: from n/a through 0.3.0.
CVE-2025-23559 -- Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS. This issue affects MemeOne: from n/a through 2.0.5.
CVE-2025-23560 -- Cross-Site Request Forgery (CSRF) vulnerability in Elke Hinze, Plumeria Web Design Web Testimonials allows Stored XSS. This issue affects Web Testimonials: from n/a through 1.2.
CVE-2025-23566 -- Cross-Site Request Forgery (CSRF) vulnerability in Syed Amir Hussain Custom Post allows Stored XSS. This issue affects Custom Post: from n/a through 1.0.
CVE-2025-23567 -- Cross-Site Request Forgery (CSRF) vulnerability in Intuitive Design GDReseller allows Stored XSS. This issue affects GDReseller: from n/a through 1.6.
CVE-2025-23569 -- Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment allows Stored XSS. This issue affects Shortcode in Comment: from n/a through 1.1.1.
CVE-2025-23572 -- Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka, Martin Scharm UpDownUpDown allows Stored XSS. This issue affects UpDownUpDown: from n/a through 1.1.
CVE-2025-23573 -- Cross-Site Request Forgery (CSRF) vulnerability in Sam Burdge WP Background Tile allows Stored XSS. This issue affects WP Background Tile: from n/a through 1.0.
CVE-2025-23577 -- Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener allows Stored XSS. This issue affects Word Freshener: from n/a through 1.3.
CVE-2025-23617 -- Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Floatbox Plus allows Stored XSS. This issue affects Floatbox Plus: from n/a through 1.4.4.
CVE-2025-23618 -- Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS. This issue affects Twitter Shortcode: from n/a through 0.9.
CVE-2025-23620 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie – Captcha by Selfie allows Reflected XSS. This issue affects Captchelfie – Captcha by Selfie: from n/a through 1.0.7.
CVE-2025-23623 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on allows Reflected XSS. This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through 1.0.
CVE-2025-23627 -- Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS. This issue affects Comment-Emailer: from n/a through 1.0.5.
CVE-2025-23639 -- Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS. This issue affects MDC YouTube Downloader: from n/a through 3.0.0.
CVE-2025-23640 -- Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS. This issue affects Rename Author Slug: from n/a through 1.2.0.
CVE-2025-23641 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Ehrhardt Powie's pLinks PagePeeker allows DOM-Based XSS. This issue affects Powie's pLinks PagePeeker: from n/a through 1.0.2.
CVE-2025-23642 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through 2.0.
CVE-2025-23644 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kuepper QuoteMedia Tools allows DOM-Based XSS. This issue affects QuoteMedia Tools: from n/a through 1.0.
CVE-2025-23649 -- Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS. This issue affects Auphonic Importer: from n/a through 1.5.1.
CVE-2025-23654 -- Cross-Site Request Forgery (CSRF) vulnerability in Vinícius Krolow Twitter Post allows Stored XSS. This issue affects Twitter Post: from n/a through 0.1.
CVE-2025-23659 -- Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegykozi MercadoLibre Integration allows Stored XSS. This issue affects MercadoLibre Integration: from n/a through 1.1.
CVE-2025-23660 -- Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS. This issue affects MFPlugin: from n/a through 1.3.
CVE-2025-23661 -- Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS.This issue affects NV Slider: from n/a through 1.6.
CVE-2025-23662 -- Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS.This issue affects WP Panoramio: from n/a through 1.5.0.
CVE-2025-23664 -- Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through 2.0.5.
CVE-2025-23665 -- Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS.This issue affects RSV GMaps: from n/a through 1.5.
CVE-2025-23673 -- Cross-Site Request Forgery (CSRF) vulnerability in Don Kukral Email on Publish allows Stored XSS.This issue affects Email on Publish: from n/a through 1.5.
CVE-2025-23675 -- Cross-Site Request Forgery (CSRF) vulnerability in SandyIN Import Users to MailChimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through 1.0.
CVE-2025-23677 -- Cross-Site Request Forgery (CSRF) vulnerability in DSmidgy HTTP to HTTPS link changer by Eyga.net allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through 0.2.4.
CVE-2025-23689 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a.
CVE-2025-23690 -- Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place allows Stored XSS.This issue affects Book a Place: from n/a through 0.7.1.
CVE-2025-23691 -- Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino García Send to Twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through 1.7.2.
CVE-2025-23692 -- Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Slider for Writers allows Stored XSS.This issue affects Slider for Writers: from n/a through 1.3.
CVE-2025-23693 -- Cross-Site Request Forgery (CSRF) vulnerability in Stanislaw Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2.
CVE-2025-23694 -- Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Shabbos and Yom Tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through 1.9.
CVE-2025-23698 -- Cross-Site Request Forgery (CSRF) vulnerability in Iván R. Delgado Martínez WP Custom Google Search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through 1.0.
CVE-2025-23699 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechMix Event Countdown Timer Plugin by TechMix allows Reflected XSS.This issue affects Event Countdown Timer Plugin by TechMix: from n/a through 1.4.
CVE-2025-23702 -- Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links allows Stored XSS.This issue affects Anonymize Links: from n/a through 1.1.
CVE-2025-23703 -- Cross-Site Request Forgery (CSRF) vulnerability in CS : ABS-Hosting.nl / Walchum.net Free MailClient FMC allows Stored XSS.This issue affects Free MailClient FMC: from n/a through 1.0.
CVE-2025-23708 -- Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable allows Stored XSS.This issue affects DF Draggable: from n/a through 1.13.2.
CVE-2025-23710 -- Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds allows Stored XSS.This issue affects Flying Twitter Birds: from n/a through 1.8.
CVE-2025-23712 -- Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allows Stored XSS.This issue affects Kapost: from n/a through 2.2.9.
CVE-2025-23713 -- Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Hack me if you can allows Stored XSS.This issue affects Hack me if you can: from n/a through 1.2.
CVE-2025-23715 -- Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through 0.1.1.
CVE-2025-23717 -- Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My Ontraport Smartform allows Stored XSS.This issue affects Theme My Ontraport Smartform: from n/a through 1.2.11.
CVE-2025-23720 -- Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push allows Stored XSS.This issue affects Web Push: from n/a through 1.4.0.
CVE-2025-23743 -- Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS.This issue affects Social Analytics: from n/a through 0.2.
CVE-2025-23745 -- Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.This issue affects Call me Now: from n/a through 1.0.5.
CVE-2025-23749 -- Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0.
CVE-2025-23760 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.
CVE-2025-23761 -- Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
CVE-2025-23764 -- Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6.
CVE-2025-23765 -- Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery. This issue affects W3SPEEDSTER: from n/a through 7.33.
CVE-2025-23767 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revolutionart Marmoset Viewer allows Stored XSS. This issue affects Marmoset Viewer: from n/a through 1.9.3.
CVE-2025-23772 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petullà imaGenius allows Stored XSS. This issue affects imaGenius: from n/a through 1.7.
CVE-2025-23775 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS. This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2.
CVE-2025-23776 -- Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.
CVE-2025-23777 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS. This issue affects GDPR Personal Data Reports: from n/a through 1.0.5.
CVE-2025-23778 -- Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Sync ActiveCampaign: from n/a through 1.3.2.
CVE-2025-23779 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection. This issue affects ResAds: from n/a through 2.0.5.
CVE-2025-23780 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection. This issue affects Easy Code Snippets: from n/a through 1.0.2.
CVE-2025-23783 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net allows Stored XSS. This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through 201
CVE-2025-23785 -- Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Responsive Gallery Album: from n/a through 1.4.
CVE-2025-23791 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS. This issue affects Horizontal Line Shortcode: from n/a through 1.0.
CVE-2025-23793 -- Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1.
CVE-2025-23794 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS. This issue affects wp_amaps: from n/a through 1.7.
CVE-2025-23795 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gold Plugins Easy FAQs allows Stored XSS. This issue affects Easy FAQs: from n/a through 3.2.1.
CVE-2025-23796 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Patel Easy Portfolio allows Stored XSS. This issue affects Easy Portfolio: from n/a through 1.3.
CVE-2025-23797 -- Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation. This issue affects WP Options Editor: from n/a through 1.1.
CVE-2025-23800 -- Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery. This issue affects OrangeBox: from n/a through 3.0.0.
CVE-2025-23801 -- Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS. This issue affects Style Admin: from n/a through 1.4.3.
CVE-2025-23802 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS. This issue affects WP-Revive Adserver: from n/a through 2.2.1.
CVE-2025-23804 -- Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS. This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0.
CVE-2025-23805 -- Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through 1.3.15.
CVE-2025-23807 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS. This issue affects Spiderpowa Embed PDF: from n/a through 1.0.
CVE-2025-23808 -- Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS. This issue affects Custom List Table Example: from n/a through 1.4.1.
CVE-2025-23810 -- Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS. This issue affects Len Slider: from n/a through 2.0.11.
CVE-2025-23815 -- Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6.
CVE-2025-23816 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4.
CVE-2025-23817 -- Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS. This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0.
CVE-2025-23818 -- Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through 1.0.3.
CVE-2025-23820 -- Cross-Site Request Forgery (CSRF) vulnerability in Laxman Thapa Content Security Policy Pro allows Cross Site Request Forgery. This issue affects Content Security Policy Pro: from n/a through 1.3.5.
CVE-2025-23821 -- Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery. This issue affects WP Cookies Alert: from n/a through 1.1.1.
CVE-2025-23822 -- Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery. This issue affects Category Custom Fields: from n/a through 1.0.
CVE-2025-23823 -- Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery. This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1.
CVE-2025-23824 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS. This issue affects FontAwesome.io ShortCodes: from n/a through 1.0.
CVE-2025-23825 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Thorpe Easy Shortcode Buttons allows Stored XSS. This issue affects Easy Shortcode Buttons: from n/a through 1.2.
CVE-2025-23826 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Predrag Supurovic Stop Comment Spam allows Stored XSS. This issue affects Stop Comment Spam: from n/a through 0.5.3.
CVE-2025-23827 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS. This issue affects Strx Magic Floating Sidebar Maker: from n/a through 1.4.1.
CVE-2025-23828 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS. This issue affects WordPress Data Guard: from n/a through 8.
CVE-2025-23830 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jobair JB Horizontal Scroller News Ticker allows DOM-Based XSS. This issue affects JB Horizontal Scroller News Ticker: from n/a through 1.0.
CVE-2025-23831 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rene Hermenau QR Code Generator allows DOM-Based XSS. This issue affects QR Code Generator: from n/a through 1.2.6.
CVE-2025-23832 -- Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup allows Stored XSS. This issue affects Admin Cleanup: from n/a through 1.0.2.
CVE-2025-23833 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter allows DOM-Based XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.
CVE-2025-23841 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikos M. Top Flash Embed allows Stored XSS. This issue affects Top Flash Embed: from n/a through 0.3.4.
CVE-2025-23842 -- Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin: from n/a through 1.4.
CVE-2025-23844 -- Cross-Site Request Forgery (CSRF) vulnerability in wellwisher Custom Widget Classes allows Cross Site Request Forgery. This issue affects Custom Widget Classes: from n/a through 1.1.
CVE-2025-23848 -- Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Hotspots Analytics allows Stored XSS. This issue affects Hotspots Analytics: from n/a through 4.0.12.
CVE-2025-23854 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YesStreaming.com Shoutcast and Icecast Internet Radio Hosting Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com allows Stored XSS. This iss
CVE-2025-23856 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia Simple Vertical Timeline allows DOM-Based XSS. This issue affects Simple Vertical Timeline: from n/a through 0.1.
CVE-2025-23859 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joshua Wieczorek Daily Proverb allows Stored XSS. This issue affects Daily Proverb: from n/a through 2.0.3.
CVE-2025-23860 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyouth { rob.panes } Charity-thermometer allows Stored XSS. This issue affects Charity-thermometer: from n/a through 1.1.2.
CVE-2025-23861 -- Cross-Site Request Forgery (CSRF) vulnerability in Katz Web Services, Inc. Debt Calculator allows Cross Site Request Forgery. This issue affects Debt Calculator: from n/a through 1.0.1.
CVE-2025-23862 -- Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1.
CVE-2025-23863 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eiji ‘Sabaoh’ Yamada Rollover Tab allows Stored XSS. This issue affects Rollover Tab: from n/a through 1.3.2.
CVE-2025-23864 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Code Snippets (Luke America) WCS QR Code Generator allows Stored XSS. This issue affects WCS QR Code Generator: from n/a through 1.0.
CVE-2025-23865 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pressfore Winning Portfolio allows Stored XSS. This issue affects Winning Portfolio: from n/a through 1.1.
CVE-2025-23868 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markus Liebelt Chess Tempo Viewer allows Stored XSS. This issue affects Chess Tempo Viewer: from n/a through 0.9.5.
CVE-2025-23869 -- Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.k.a CyberJack CJ Custom Content allows Stored XSS. This issue affects CJ Custom Content: from n/a through 2.0.
CVE-2025-23870 -- Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0.
CVE-2025-23871 -- Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery. This issue affects LSD Google Maps Embedder: from n/a through 1.1.
CVE-2025-23872 -- Cross-Site Request Forgery (CSRF) vulnerability in PayForm PayForm allows Stored XSS. This issue affects PayForm: from n/a through 2.0.
CVE-2025-23873 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshi Solutions Category D3 Tree allows Stored XSS. This issue affects Category D3 Tree: from n/a through 1.1.
CVE-2025-23875 -- Cross-Site Request Forgery (CSRF) vulnerability in Tim Ridgway Better Protected Pages allows Stored XSS. This issue affects Better Protected Pages: from n/a through 1.0.
CVE-2025-23876 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jens Remus WP krpano allows Stored XSS. This issue affects WP krpano: from n/a through 1.2.1.
CVE-2025-23877 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nitethemes Nite Shortcodes allows Stored XSS. This issue affects Nite Shortcodes: from n/a through 1.0.
CVE-2025-23878 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Post-to-Post Links allows Stored XSS. This issue affects Post-to-Post Links: from n/a through 4.2.
CVE-2025-23880 -- Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise allows Cross Site Request Forgery. This issue affects amr personalise: from n/a through 2.10.
CVE-2025-23884 -- Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery. This issue affects Annie: from n/a through 2.1.1.
CVE-2025-23886 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS. This issue affects Annie: from n/a through 2.1.1.
CVE-2025-23887 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS. This issue affects Blog Summary: from n/a through 0.1.2 ß.
CVE-2025-23890 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS. This issue affects Easy Tweet Embed: from n/a through 1.7.
CVE-2025-23891 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS. This issue affects Yet Another Countdown: from n/a through 1.0.1.
CVE-2025-23892 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3.
CVE-2025-23893 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS. This issue affects GMap Shortcode: from n/a through 2.0.
CVE-2025-23895 -- Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS. This issue affects Add RSS: from n/a through 1.5.
CVE-2025-23896 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS. This issue affects Mindmeister Shortcode: from n/a through 1.0.
CVE-2025-23897 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3.
CVE-2025-23898 -- Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows Stored XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3.
CVE-2025-23899 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BnB Select Ltd Bookalet allows Stored XSS. This issue affects Bookalet: from n/a through 1.0.3.
CVE-2025-23900 -- Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery. This issue affects Genki Announcement: from n/a through 1.4.1.
CVE-2025-23901 -- Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery. This issue affects GravatarLocalCache: from n/a through 1.1.2.
CVE-2025-23902 -- Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery. This issue affects Error Notification: from n/a through 0.2.7.
CVE-2025-23907 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2.
CVE-2025-23908 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Pastebin allows Stored XSS. This issue affects Pastebin: from n/a through 1.5.
CVE-2025-23909 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Compare Ninja allows Stored XSS. This issue affects Compare Ninja: from n/a through 2.1.0.
CVE-2025-23911 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection. This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4.
CVE-2025-23912 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through 2.3.
CVE-2025-23913 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection. This issue affects WordPress Google Map Professional: from n/a through 1
CVE-2025-23916 -- Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meetup: from n/a through 2.3.0.
CVE-2025-23917 -- Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.
CVE-2025-23919 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection. This issue affects Slides & Presentations: from n/a through 0.0.39.
CVE-2025-23922 -- Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server. This issue affects iSpring Embedder: from n/a through 1.0.
CVE-2025-23924 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jérémy Heleine WP Photo Sphere allows Stored XSS. This issue affects WP Photo Sphere: from n/a through 3.8.
CVE-2025-23925 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Peña Feedburner Optin Form allows Stored XSS. This issue affects Feedburner Optin Form: from n/a through 0.2.8.
CVE-2025-23926 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC Ajax WP Query Search Filter allows Stored XSS. This issue affects Ajax WP Query Search Filter: from n/a through 1.0.7.
CVE-2025-23927 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Massimo Serpilli Incredible Font Awesome allows Stored XSS. This issue affects Incredible Font Awesome: from n/a through 1.0.
CVE-2025-23928 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Arsovski Google Org Chart allows Stored XSS. This issue affects Google Org Chart: from n/a through 1.0.1.
CVE-2025-23929 -- Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email Capture & Lead Generation: from n/a through 1.0.2.
CVE-2025-23930 -- Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Marketing Solutions: from n/a through 1.2.
CVE-2025-23933 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS. This issue affects WpF Ultimate Carousel: from n/a through 1.0.11.
CVE-2025-23934 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS. This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24.
CVE-2025-23935 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS. This issue affects Magic Google Maps: from n/a through 1.0.4.
CVE-2025-23936 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS. This issue affects CC Circle Progress Bar: from n/a through 1.0.0.
CVE-2025-23939 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS. This issue affects Image Switcher: from n/a through 1.1.
CVE-2025-23940 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS. This issue affects Image Switcher: from n/a through 0.1.1.
CVE-2025-23941 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS. This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1.
CVE-2025-23943 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arul PDF.js Shortcode allows Stored XSS. This issue affects PDF.js Shortcode: from n/a through 1.0.
CVE-2025-23946 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS. This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1.
CVE-2025-23947 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M.J WP-Player allows Stored XSS. This issue affects WP-Player: from n/a through 2.6.1.
CVE-2025-23950 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Said Shiripour EZPlayer allows Stored XSS. This issue affects EZPlayer: from n/a through 1.0.10.
CVE-2025-23951 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS. This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through 1.4.
CVE-2025-23954 -- Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.
CVE-2025-23955 -- Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xola: from n/a through 1.6.
CVE-2025-23957 -- Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sur.ly: from n/a through 3.0.3.
CVE-2025-23961 -- Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Graphs & Charts: from n/a through 2.0.8.
CVE-2025-23962 -- Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Goldstar: from n/a through 2.1.1.
CVE-2025-23963 -- Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark Posts: from n/a through 2.2.3.
CVE-2025-23965 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS. This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2.
CVE-2020-8094 -- An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.
CVE-2024-10775 -- The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possi
CVE-2024-11029 -- A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator pass
CVE-2024-11322 -- A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0.
CVE-2024-11848 -- The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenti
CVE-2024-11851 -- The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated
CVE-2024-11870 -- The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied
CVE-2024-12084 -- A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out
CVE-2024-12297 -- Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the pr
CVE-2024-12403 -- The Image Gallery – Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This
CVE-2024-12423 -- The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes i
CVE-2024-12593 -- The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output es
CVE-2024-12818 -- The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attribut
CVE-2024-13215 -- The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authentica
CVE-2024-13334 -- The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unau
CVE-2024-13351 -- The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output
CVE-2024-13394 -- The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes.
CVE-2024-27856 -- The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or
CVE-2024-35280 -- An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a re
CVE-2024-36751 -- An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL.
CVE-2024-39967 -- Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command.
CVE-2024-40771 -- The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able
CVE-2024-40839 -- This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
CVE-2024-40854 -- A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.
CVE-2024-41453 -- A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVE-2024-41454 -- An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file.
CVE-2024-4227 -- In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
CVE-2024-44136 -- This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.
CVE-2024-45061 -- A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary javascript code execution. An authenticated user would need to click a malicious
CVE-2024-47002 -- A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to injection of arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.
CVE-2024-47140 -- A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary javascript code execution. An authenticated user would need to click a malicious link provid
CVE-2024-48121 -- The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack.
CVE-2024-48122 -- Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.
CVE-2024-48123 -- An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.
CVE-2024-48125 -- An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests.
CVE-2024-48126 -- HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
CVE-2024-50953 -- An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message.
CVE-2024-50954 -- The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a speci
CVE-2024-5198 -- OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.
CVE-2024-52005 -- Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed wit
CVE-2024-52783 -- Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file.
CVE-2024-53407 -- In Phiewer 4.1.0, a dylib injection leads to Command Execution, which allows attackers to inject a dylib file, potentially leading to remote control and unauthorized access to sensitive user data.
CVE-2024-54470 -- A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1. An attacker with physical access may be able to access contacts from the lock screen.
CVE-2024-54535 -- A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.
CVE-2024-54540 -- The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.
CVE-2024-55503 -- An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.
CVE-2024-55577 -- Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of t
CVE-2024-56295 -- Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.6.
CVE-2024-57011 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
CVE-2024-57012 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.
CVE-2024-57013 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
CVE-2024-57014 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.
CVE-2024-57015 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.
CVE-2024-57016 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.
CVE-2024-57017 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
CVE-2024-57018 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
CVE-2024-57019 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
CVE-2024-57020 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
CVE-2024-57021 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVE-2024-57022 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
CVE-2024-57023 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.
CVE-2024-57024 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.
CVE-2024-57025 -- TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.
CVE-2024-57726 -- SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
CVE-2024-57727 -- SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include
CVE-2024-57728 -- SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of th
CVE-2024-57757 -- JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
CVE-2024-57760 -- JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.
CVE-2024-57761 -- An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-57762 -- MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
CVE-2024-57763 -- MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVE-2024-57764 -- MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVE-2024-57765 -- MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
CVE-2024-57766 -- MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVE-2024-57767 -- MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
CVE-2024-7085 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS.
CVE-2024-7322 -- A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established
CVE-2024-8603 -- A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as
CVE-2024-9636 -- The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible
CVE-2025-0193 -- A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administ
CVE-2025-0215 -- The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and ou
CVE-2025-0343 -- Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigg
CVE-2025-0354 -- Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlie
CVE-2025-0355 -- Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM
CVE-2025-0356 -- NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows an attacker to execute arbitrary OS commands via the internet.
CVE-2025-0434 -- Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0435 -- Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0436 -- Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0437 -- Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0438 -- Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0439 -- Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0440 -- Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0441 -- Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0442 -- Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0443 -- Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Mediu
CVE-2025-0446 -- Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2025-0447 -- Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-0448 -- Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-0480 -- A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It i
CVE-2025-0481 -- A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch
CVE-2025-0482 -- A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attac
CVE-2025-0483 -- A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack c
CVE-2025-0484 -- A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The atta
CVE-2025-0485 -- A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possibl
CVE-2025-0486 -- A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The a
CVE-2025-0487 -- A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be
CVE-2025-0488 -- A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely.
CVE-2025-0489 -- A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated re
CVE-2025-0490 -- A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack ma
CVE-2025-0491 -- A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the atta
CVE-2025-0492 -- A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit h
CVE-2025-0500 -- An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
CVE-2025-0501 -- An issue in the native clients for Amazon WorkSpaces Clients when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle.
CVE-2025-0502 -- Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. This issue affects CrafterCMS: from 4.0.0 before 4.0.8, f
CVE-2025-20088 -- Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
CVE-2025-21083 -- Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
CVE-2025-21088 -- Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted mal
CVE-2025-21101 -- Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability.
CVE-2025-22146 -- Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to
CVE-2025-22317 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in galleryape Photo Gallery – Image Gallery by Ape allows Reflected XSS. This issue affects Photo Gallery – Image Gallery by Ape: from n/a through 2.2.8.
CVE-2025-22329 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS. This issue affects Free Google Maps: from n/a through 1.0.1.
CVE-2025-22346 -- Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery. This issue affects Course Migration for LearnDash: from 1.0.2 through n/a.
CVE-2025-22394 -- Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly p
CVE-2025-22587 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NCiphers SEO Bulk Editor allows Stored XSS. This issue affects SEO Bulk Editor: from n/a through 1.1.0.
CVE-2025-22724 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP Product Carousel For WooCommerce – WoorouSell allows Stored XSS. This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a throu
CVE-2025-22729 -- Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VOD Infomaniak: from n/a through 1.5.9.
CVE-2025-22731 -- Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce allows Cross Site Request Forgery. This issue affects Build Private Store For Woocommerce: from n/a through 1.0.
CVE-2025-22734 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.1.0.
CVE-2025-22736 -- Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation. This issue affects User Management: from n/a through 1.2.
CVE-2025-22737 -- Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WpTravelly: from n/a through 1.8.5.
CVE-2025-22738 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS. This issue affects WP ULike: from n/a through 4.7.6.
CVE-2025-22742 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falldeaf WP ViewSTL allows DOM-Based XSS. This issue affects WP ViewSTL: from n/a through 1.0.
CVE-2025-22743 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode allows DOM-Based XSS. This issue affects Twitter Bootstrap Collapse aka Accordian Shortco
CVE-2025-22744 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob von Bothmer / SeoDev S-DEV SEO allows Stored XSS. This issue affects S-DEV SEO: from n/a through 1.88.
CVE-2025-22745 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Björn Weinbrenner Navigation Du Lapin Blanc allows DOM-Based XSS. This issue affects Navigation Du Lapin Blanc: from n/a through 1.1.1.
CVE-2025-22746 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HireHive HireHive Job Plugin allows Stored XSS. This issue affects HireHive Job Plugin: from n/a through 2.9.0.
CVE-2025-22747 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tor Morten Jensen Foundation Columns allows Stored XSS. This issue affects Foundation Columns: from n/a through 0.8.
CVE-2025-22748 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SetMore Appointments SetMore Theme – Custom Post Types allows Stored XSS. This issue affects SetMore Theme – Custom Post Types: from n/a through 1.1.
CVE-2025-22749 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwoThemes Social Media Engine allows Stored XSS. This issue affects Social Media Engine: from n/a through 1.0.2.
CVE-2025-22750 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel Post Carousel & Slider allows Reflected XSS. This issue affects Post Carousel & Slider: from n/a through 1.0.4.
CVE-2025-22751 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mighty Digital Partners allows Reflected XSS. This issue affects Partners: from n/a through 0.2.0.
CVE-2025-22752 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS. This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.1
CVE-2025-22753 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dueclic turboSMTP allows Reflected XSS. This issue affects turboSMTP: from n/a through 4.6.
CVE-2025-22754 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Center for Internet & Society Amber allows Reflected XSS. This issue affects Amber: from n/a through 1.4.4.
CVE-2025-22755 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Bavington WP Headmaster allows Reflected XSS.This issue affects WP Headmaster: from n/a through 0.3.
CVE-2025-22758 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aiwp Elementor AI Addons allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through 2.2.1.
CVE-2025-22759 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual
CVE-2025-22760 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through 1.1.2.
CVE-2025-22761 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer Ajax Contact Form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through 1.2.5.1.
CVE-2025-22762 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Stored XSS.This issue affects WordPress HelpDesk & Support Tick
CVE-2025-22764 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebs Team - VA Jariwala WP Post Corrector allows Reflected XSS.This issue affects WP Post Corrector: from n/a through 1.0.2.
CVE-2025-22765 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uri Weil WP Order By allows Reflected XSS.This issue affects WP Order By: from n/a through 1.4.2.
CVE-2025-22766 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download allows Reflected XSS.This issue affects Zarinpal Paid Download: from n/a through 2.3.
CVE-2025-22769 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox allows Stored XSS.This issue affects Multifox: from n/a through 1.3.7.
CVE-2025-22773 -- Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through
CVE-2025-22776 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Carter WP Bulletin Board allows Reflected XSS.This issue affects WP Bulletin Board: from n/a through 1.1.4.
CVE-2025-22778 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lijit Networks Inc. and Crowd Favorite Lijit Search allows Reflected XSS.This issue affects Lijit Search: from n/a through 1.1.
CVE-2025-22779 -- Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through 1.0.
CVE-2025-22780 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Yuzhakov wp-pano allows Stored XSS.This issue affects wp-pano: from n/a through 1.17.
CVE-2025-22781 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nativery Developer Nativery allows DOM-Based XSS.This issue affects Nativery: from n/a through 0.1.6.
CVE-2025-22782 -- Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8.
CVE-2025-22784 -- Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal.This issue affects Background Control: from n/a through 1.0.5.
CVE-2025-22785 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5.
CVE-2025-22786 -- Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6.
CVE-2025-22787 -- Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5.
CVE-2025-22788 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS.This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a t
CVE-2025-22793 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through 3.1.0.
CVE-2025-22795 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through 1.5.
CVE-2025-22797 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogulcan Özügenç Gallery and Lightbox allows Stored XSS.This issue affects Gallery and Lightbox: from n/a through 1.0.14.
CVE-2025-22798 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through 1.1.1.
CVE-2025-22799 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1.
CVE-2025-22964 -- SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 allows an attacker to execute arbitrary code via the table parameter.
CVE-2025-22968 -- An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using the root account without restrictions.
CVE-2025-22976 -- SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.
CVE-2025-22996 -- A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.
CVE-2025-22997 -- A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.
CVE-2025-23013 -- In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS
CVE-2025-23040 -- GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of malicio
CVE-2025-23061 -- Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.