Bitcoin's Prospects in 2025: Exploring Opportunities and Mitigating Risks
Feds worry AT&T breach could out informants
‘Sneaky Log’ phishing kits slip by Microsoft 365 accounts
EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies
FTC cracks down on Genshin Impact gacha loot box practices
Has the TikTok Ban Already Backfired on US Cybersecurity?
AIs in Love, UEFI, Fortinet, Godaddy, Juggalos, Aaran Leyland, and More. – SWN #443
Otelier data breach exposes info, hotel reservations of millions
US Sanctions Chinese Hacker for Treasury Breach
15K Fortinet Device Configs Leaked to the Dark Web
Employees Enter Sensitive Data Into GenAI Prompts Too Often
TikTok’s national security risk warrants ban, Supreme Court rules
Malicious PyPi package steals Discord auth tokens from devs
FCC orders telecoms to secure their networks after Salt Typhoon hacks
US sanctions Chinese firm, hacker behind telecom and Treasury hacks
US Supreme Court Gives Green Light to TikTok Ban
Breaking the Speed Barrier: SQL Injection Automation Evolution | by n0apol0giz3 | Jan, 2025 | Medium
Lumma Stealer Q&A. The people have spoken, you asked and… | by g0njxa | Jan, 2025 | Medium
A Journey of Limited Path Traversal To RCE With $40,000 Bounty! | by HX007 | Jan, 2025 | Medium
Microsoft fixes Office 365 apps crashing on Windows Server systems
Microsoft starts force upgrading Windows 11 22H2, 23H2 devices
Using Behavioral Insights to Counter LLM-Enabled Hacking
Lazarus Group Targets Developers in New Data Theft Campaign
Misconfiguration exposes over Assist Security data
New Star Blizzard attacks set sights on WhatsApp accounts
Trojanized images leveraged in separate malware campaigns
Additional US sanctions issued to clamp down on North Korean IT worker scam
How to calculate your AI-powered cybersecurity's ROI
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
How Russian hackers went after NGOs' WhatsApp accounts
ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
FTC orders GoDaddy to fix poor web hosting security practices
Star Blizzard Targets WhatsApp in New Campaign
Everything I know about cybersecurity, I learned from video games
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
1touch.io’s SaaS offering delivers enterprise-grade security
Researchers Warn of NTLMv1 Bypass in Active Directory Policy
DORA Takes Effect: Financial Firms Navigating Compliance Headwinds
Dynatrace reduces time-consuming compliance configuration checks associated with DORA
Bitwarden unveils native mobile applications for iOS and Android
Russia-linked APT Star Blizzard targets WhatsApp accounts
MSSqlPwner: Open-source tool for pentesting MSSQL servers
New infosec products of the week: January 17, 2025
EU takes decisive action on healthcare cybersecurity
Homeowners are clueless about how smart devices collect their data
Balancing usability and security in the fight against identity-based attacks
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Russian APT Phishes Kazakh Gov't for Strategic Intel
Woe Daddy: FTC raps hosting giant GoDaddy for security lapses
GDPR complaints filed against TikTok, Temu for sending user data to China
183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report
Karl Triebes Joins Ivanti as Chief Product Officer
Microsoft expands testing of Windows 11 admin protection feature
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
4.2 million internet hosts hijacked via bugs in tunneling protocols
Prominent US law firm Wolf Haldenstein disclosed a data breach
FTC Orders GoDaddy to Fix Inadequate Security Practices
SEALSQ in Cooperation With WISeKey Expands Post-Quantum Footprint in Saudi Arabia
CISA and US and International Partners Publish Guidance for OT Owners and Operators
Biden's Cyber EO Gives Trump a Blueprint for Defense
CISA's AI Playbook Pushes For More Information Sharing
Find the helpers
Building a Virtual Security Home Lab: Part 10 - Splunk Setup & Configuration | by David Varghese | InfoSec Write-ups
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus | by Cybertech Maven | InfoSec Write-ups
Enhance Your Google Dorking Skills with ChatGPT | by Practical OSINT | InfoSec Write-ups
The 60-Second Phone Hack That's Draining Bank Accounts Worldwide | by John Edwin | InfoSec Write-ups
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
Gateshead Council Cyber-Attack Exposes Personal Data
US cracks down on North Korean IT worker army with more sanctions
🛠️ Reconnaissance and Vulnerability Scanning Script🛡️ | by Piyush Kumawat (securitycipher) | InfoSec Write-ups
HOW I HACKED NASA?. Hi Guyz, | by Krishnadev P Melevila | InfoSec Write-ups
Leveraging LFI to RCE in a website with +20000 users | by kleiton0x7e | InfoSec Write-ups
REVEALED: Best Way to Recover Lost or Deleted Data from Smartphones | by InfoSec Write-ups | Jan, 2025 | InfoSec Write-ups
[WRITE-UP] Irremovable comments on the FB Lite app (Bounty: 500 USD) | by Shubham Bhamare | InfoSec Write-ups
You Need to Get on Hack the Box Academy | by grepStrength | InfoSec Write-ups
Gootloader inside out
The current state of ransomware: Weaponizing disclosure rules and more
Grinding Gear Games Apologizes for Path of Exile 2 Data Breach GGG
New Star Blizzard spear-phishing campaign targets WhatsApp accounts
Biden signs executive order to bolster national cybersecurity
FTC sues GoDaddy for years of poor hosting security practices
Wolf Haldenstein law firm says 3.5 million impacted by data breach
Middle Eastern Real Estate Fraud Grows with Online Listings
Biden Tightens Software Supply Chain Security Requirements
Trump’s Truth Social Users Targeted by Rampant Scams Online
Kicking Off 2025: Findings on U.S. Department of Energy | by Guru Prasad Pattanaik || TH3N00BH4CK3R | Jan, 2025 | Cyber Security Write-ups
How I Passed the 48-Hour eJPT Exam in Less Than 5 Hours | by Hasanka Amarasinghe | Jan, 2025 | Medium
Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches
MFA Failures - The Worst is Yet to Come
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
CrowdStrike Achieves FedRAMP Authorization for New Modules
Risk, Reputational Scoring Services Enjoy Mixed Success
CISA Releases the Cybersecurity Performance Goals Adoption Report
Strategic Approaches to TDIR
Grupo Bimbo Ventures Announces Investment in NanoLock Security
K2 Secures Navy SeaPort Next Generation Contract
DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses
Sophos ZTNA Updates
Malware spread by stealthy new MikroTik botnet
Pall Mall Process faces criticism over impact on commercial hacking tools
Security researcher discovers critical vulnerability in Facebook ad platform
Transaction simulation spoofing attack targets cryptocurrency wallets
Accelerated BlackBasta-like email attack examined
Critical SimpleHelp vulnerabilities fixed, update your server instances!
Zero Trust Security, Why It's Essential In Today's Threat Landscape
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
Concentric AI helps organizations gain a complete understanding of their data
GoDaddy Accused of Serious Security Failings by FTC
New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls
Easterly: US federal networks initially targeted by Salt Typhoon
New Lazarus Group attack campaign sets sights on freelance software developers
MikroTik botnet relies on DNS misconfiguration to spread malware
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
Contrast Security AVM identifies application and API vulnerabilities in production
Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
Trusted Apps Sneak a Bug Into UEFI Boot Process
Scammers Exploit California Wildfires, Posing as Fire Relief Services
How Can AP Automation Enhance Data Protection
EU To Launch Support Centre by 2026 to Boost Healthcare Cybersecurity
Hackers Use Image-Based Malware and GenAI to Evade Email Security
Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
Cisco AI Defense safeguards against the misuse of AI tools
Entrust PKI Hub streamlines PKI, certificate lifecycle management, and automation
HarvestIQ.ai provides actionable insights for cybersecurity professionals
Red Hat Connectivity Link enhances security across multiple layers of application infrastructure
Regula updates Document Reader SDK with full support for Digital Travel Credentials
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
A humble proposal: The InfoSec CIA triad should be expanded
How CISOs can elevate cybersecurity in boardroom discussions
Critical vulnerabilities remain unresolved due to prioritization gaps
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks
Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices
Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws
SAP fixes critical vulnerabilities in NetWeaver application servers
Attackers Hijack Google Advertiser Accounts to Spread Malware
Four take guilty pleas in US government IT bribery scam
Boards Stepping Up, as CISOs Build Stronger Bonds with Legal and Safeguard Leadership – BSW #378
MikroTik botnet uses misconfigured SPF DNS records to spread malware
CISA shares guidance for Microsoft expanded logging capabilities
PowerSchool Data Breach Exposes Social Security Numbers of 60 Million Students and Teachers - Security Spotlight
Telefonica Breach Exposes 20,000 Employees' Data and Jira Details: Hellcat Ransomware's Infostealer Malware at Play - Security Spotlight
WazirX Hack: North Korea's Lazarus Blamed for WazirX's $235 Million Cryptocurrency Theft - Security Spotlight
West Haven Cyberattack Culprit, Qilin Ransomware Group
Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes
Hackers use Google Search ads to steal Google Ads accounts
Label giant Avery says website hacked to steal credit cards
North Korea's IT worker scam linked to 2016 crowdfunding operation
Microsoft ends support for Office apps on Windows 10 in October
Over 660,000 Rsync servers exposed to code execution attacks
North Korea's Lazarus Evolves Developer-Recruitment Attacks
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
Extension Poisoning Campaign Highlights Gaps in Browser Security
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
Exploiting IDOR in a Support Portal Chatbot | by Supun Halangoda (Suppa) | Jan, 2025 | Medium
Exploring Python’s Best Libraries for Ethical Hacking | by Abhishek pawar | Jan, 2025 | InfoSec Write-ups
Improper Authentication in a famous Trading website | by Anonymousshetty | Jan, 2025 | Medium
Why I Chose a Cybersecurity Masters in Science Degree Over the CISSP Certification | by David S Mosher | Dec, 2024 | InfoSec Write-ups
Windows BitLocker bug triggers warnings on devices with TPMs
OWASP's New LLM Top 10 Shows Emerging AI Threats
Huione emerges as largest illegal online marketplace
North Korean crypto heist toll exceeded $659M in 2024
Pro-Ukraine hackers target major Russian state procurement platform
Seed funding raises $36M for Orchid Security
Thousands of WordPress sites impacted by WP3.XYZ malware campaign
U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%
Aembit Announces Speaker Lineup for the Inaugural NHIcon
Rsync vulnerabilities allow remote code execution on servers, patch quickly!
Slew of WavLink vulnerabilities
Multi-Cloud Adoption Surges Amid Rising Security Concerns
How Role-Based Identity Management Can Protect Against AD- And Entra I
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
Illicit Crypto-Inflows Set to Top $51bn in a Year
Widespread PlugX malware compromise eradicated in law enforcement operation
Advanced Microsoft 365-targeted brute-force attacks enabled by FastHTTP
Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
FBI removed PlugX malware from U.S. computers
1Password's Trelica Buy Part of Broader Shadow IT Play
Secureworks Exposes North Korean Links to Fraudulent Crowdfunding
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
CVE-2024-44243 macOS flaw allows persistent malware installation
The High-Stakes Disconnect For ICS/OT Security
Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP
FBI deletes Chinese PlugX malware from thousands of US computers
Microsoft Patches Eight Zero-Days to Start the Year
Wultra Secures €3M to Protect Financial Institutions from Quantum Threats
Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers
How Much Does It Cost To Host A Website?
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
Using cognitive diversity for stronger, smarter cyber defense
Contextal Platform: Open-source threat detection and intelligence
Cybersecurity is stepping into a new era of complexity
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
Sowing Discord: Weaponizing Discord’s CDN and Webhooks | by grepStrength | Jan, 2025 | Medium
Cybersecurity 2025: The Year of the Human | by Helen Patton | Dec, 2024 | Medium
CVE-2024-49113 “LDAP Nightmare”: First PoC Exploit of 2025 Targets Critical Windows Vulnerability 🚨 | Medium
159-CVE January Patch Tuesday smashes single-month record
As Tensions Mount With China, Taiwan Sees Surge in Attacks
When did random code execution become a feature? | by Steve Jones | Jan, 2025 | Medium
I Changed Someone’s Profile Picture… And They Had No Idea!! | by Krishnadev P Melevila | Jan, 2025 | Medium
This is How I Turned an Informative Bug into a Valid $500 Bug | by Shubham Bhamare | Jan, 2025 | Medium
Getting Started with Bug Bounty Hunting in 2025: A Real World Guide | by hackbynight | Jan, 2025 | Medium
Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants | WIRED
How to build an offensive AI security agent
Wolf Haldenstein Data Breach Exposed 3.5 Million Americans
How to Prepare for a Post Quantum World and Why | Cyber Security Tribe
Finding SSRFs in Azure DevOps
Bypassing disk encryption on systems with automatic TPM2 unlock | oddlama's blog
Russian hackers target WhatsApp in new tactic, Microsoft warns
Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch | Claroty
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL
CVE-2025-0282 | AttackerKB
How to Create Vulnerable-Looking Endpoints to Detect and Mislead Attackers
Shielder - Karmada Security Audit
PowerSchool breach worse than thought, company says "all" student and teacher data accessed | TechRadar
Simone Margaritelli on LinkedIn: 121 days ago I reported something to Apple, no fixes and no follow ups…
University of Oklahoma Ransomware Attack Disrupts IT
UK mulls ransomware payment ban for public services
Critical SimpleHelp vulnerabilities fixed, update your server instances! - Help Net Security
Millions of hotel users see personal info checked out in huge data leak | TechRadar
Kevin Beaumont: "GitHub repo with the FortiGate config dump IPs. I…" - Cyberplace
Biden administration launches cybersecurity executive order
Case Study ⸺ Tracing Command Chains through Time and Location
Policy Engine Showdown - OPA vs. OpenFGA vs. Cedar
A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More | WIRED
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
US government set to launch its Cyber Trust Mark cybersecurity labeling program for internet-connected devices in 2025 | TechCrunch
GitHub - SecurityInnovation/glibc_heap_exploitation_training: The resources for glibc Malloc heap exploitation course by Maxwell Dulin and Security Innovation.
China Hackers Broke Into 400-Plus Treasury PCs, Report Says
Solving Phishing Attacks with the SLAM Method: A Comprehensive Guide | The DefendOps Diaries
Essential BBOT Commands for Recon
Proxy Alice: Predictive Messages For Concealed Communication | by Sebastian Carlos | Jan, 2025 | Medium
Ransomware attacks on education declined in 2024, report shows | StateScoop
How to Transform IAM from Cost Center to Revenue Driver
Posts | Blue Pill Security
Rsync vulnerabilities allow remote code execution on servers, patch quickly! - Help Net Security
Bolstering the cybersecurity of the healthcare sector - European Commission
How to Implement Role-Based Access Control (RBAC) in Laravel
Here’s how hucksters are manipulating Google to promote shady Chrome extensions
DOJ deletes China-linked PlugX malware off more than 4,200 US computers | The Record from Recorded Future News
PSIRT | FortiGuard Labs
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11 - hn security
GitHub - Tier1Security/Watchtower-Agent
Don’t Use Session (Signal Fork) - Dhole Moments
2024 CVEs in Review – Vulnerability Blog
United Hacks V4
Hacking
🤖 Mev B0T: An Ethereum bot 🌍 designed in Solidity 🔒 to optimize MEV (Miner Extractable Value) 💸 extraction. Features mempool 🌊 monitoring, front-running 🚀, and robust security mechanisms 🔐.
Developed using SecurityServer to store the refreshToken in Redis
spring-security-jwt
lab 12
Ansible playbook that fully automates the deployment of a LAMP stack on AWS EC2, including dynamic security group configuration and optimised instance setup through user data scripting.
securityGlobalbank
A Python-based security solution:
App developed to monitor and follow up the security related task for the company
Proof of concept project to prove that I could print barcodes and useful tickets directly to a printer given a static IP address, bypassing the print preview window.
this-is-not-hacking
This repository documents the process of configuring and managing an Active Directory environment, integrating tools such as PowerShell, Splunk, Sysmon, and ServiceNow to demonstrate advanced system administration and security monitoring capabilities.
This approach is to integrate security into the development and operations pipeline. The goal is to shift security left, ensuring that security practices are embedded throughout the software development lifecycle (SDLC), rather than as an afterthought dur
Azure Linux Security Tools
A Steganography tool using LSB method to embed data in the image also features a Caesar Cipher for extra security.
MintWords: MintWords is a powerful tool that allows users to create personalized and effective wordlists. It allows users to create custom wordlists that fit their needs, especially for use in cybersecurity, password testing, and security testing.
Free Proxy DB offers a collection of 1000+ free proxies (HTTP, SOCKS4, SOCKS5, V2Ray, SSR, SS, MTProto) and essential tools like Proxy Checker, Port Checker, IP Checker, and Web Crawler. Perfect for developers and privacy-conscious users looking to improv
This portfolio project demonstrates the analysis of a DDoS attack incident using the NIST Cybersecurity Framework (CSF). The analysis includes a detailed incident report and strategic recommendations for improving network security.
POC (Proof of Concept) of an airport radar developed with React, TypeScript, and Pixi.js. This project is a technical demonstration of Pixi.js's capabilities integrated into React to simulate a radar display.
Advanced encrypted email system with post-quantum security, built on Yggdrasil and integrated into KYARN for secure project management.
Proof of concept for iMessage reactions UI using private API
Proof of concept for AI chat interface
hacking-opencv
Joke trojan that writes text on images and messes up with scripts, proof-of-concept, joke, harmful.
Proof of Concept of a MUI implementation of the new WCA site refresh
Hackers
MACHIAVELLIAN-OS Debian/GNU Linux is a custom-built version of the Debian Linux distribution, specifically tailored for cybersecurity tools and services, ethical hackers, and privacy/network enthusiasts.
hack
Hack Reason Project 2025: Developed by: Aman Balam, Pratik Mukesh Manghwani, Nikhil Sesha Sai Kondapalli
Spring-Security
Code for our project (CarbonEmissionPredictor) submission for TISB Hacks 2025
Software-Security-Lab
This bash script performs a security audit on a MySQL server by checking for various common vulnerabilities and misconfigurations.
Network-Security-Groups-NSGs-and-Inspecting-Network-Protocols
Firebase Realtime Database Security Rules Unexpectedly Deny Writes to Deeply Nested Objects
Network Hacking and gaining access to Wifi networks and cracking them
Proof of Concept (PoC) for a backend component of a "Booking Data Ingestion System."
security-rss-chatbot
Azure Security Labs
Security-in-Action
Welcome to the Ethical Hacking Tools repository! This project is a collection of scripts and utilities designed to help ethical hackers, cybersecurity professionals, and enthusiasts analyze, test, and secure systems. Each tool in this collection serves a
Web Application Firewall for Laravel using CyberShield API
little proof of concept / demo for a game idea I had
Response to security-engineer Test
Web challenges used for How To Hack Workshop (for absolute beginners).
Critical security update for Electrum wallets. Instructions for updating and securing your funds.
This app is a proof of concept (POC). It's functional but cannot be used as-is, as it has major flaws in terms of the architecture used. However, you can still use it to play around with sockets.
My uBO and YogaDNS blocklists
Proof-of-concept and framework for pervasive computing
A simple, powerful, and developer-friendly monorepo stack designed for building Proof of Concepts (POC/MVP), AI Micro-SAAS and scalable small web applications with AI/Machine Learning components.
MemLabs six labs is an educational, basic set of CTF-styled challenges designed to inspire students, security researchers, and CTF gamers to explore the field of Memory Forensics.
A collection of small proof of concept shaders
Proof of concept token sharing
Mod Menu Hack for the chrome dino game.
This project aims to serve as proof of concept using Kafka, SNS and SQS with DevService
Proof of Concept for Clean Architecture for Data Engineering Project
JWT_APIGateway_Security
app-security
A proof of concept of React Router 6 running SSR in Netlify Edge functions
This contains hands-on-labs to help you learn, measure, and improve the security of your architecture using best practices from the Security pillar of the AWS Well-Architected Framework.
scripts_for_hacking
pa2-proof-of-concept
Ready-to-use Fortnite Cheat Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, le
IoT-Communication-Channel-Security
Self-Assessment-for-IT-Security
This is my solution to all three assignments of the course: Cryptography and Network Security held by NTU CSIE in 2023 Spring.
Cyber-Security-Projects
Security_Cw2
A collection of DuckyScript payloads targeting Linux systems.
Proof-of-Concept for dragging/dropping files directly from Outlook (Desktop)
security_frontend
COSC2539-Assignment-3-Assignment-Cyber-Security-Research-Paper
proof-of-concept server that pipes yt-dlp output into the http response
Proof of concept for CVE-2022-31814
Upgrade your communication with the best mobile VoIP phones and enhance the efficiency of your support and sales team. Get a quick set-up on any device you already have and start smarter communication. Cost-effective Communication Unified Communication Fl
As a proof of concept, the project is a Slack App to intercept messages sent to the user and deliver them in batches at the desired frequency or times.
Vital Hacks Website
Proof of concept for combining SmartPass and Vericatch data to calculate CPUE for Indonesia's Blue Swimming Crab fishery
This group project tasks you with designing and implementing a scalable, secure, and cost-effective cloud infrastructure using AWS services for a mid-sized company transitioning from on-premises servers. The goal is to solve a real-world business problem
This site is made for programming and white hat hacking (cybersecurity)
This repository provides a Proof of Concept (PoC) for database testing using Robot Framework, Python, and Docker. It demonstrates how to integrate Robot Framework with MySQL databases to validate data consistency and handle errors efficiently.
Proof-of-concept model and tools used for thesis.
This is a utility made in Python that allows users to generate passwords according to the internal policies configured in the utility; it can be customized according to the security specifications or regulations that must be complied with.
Walk-throughs for various methods to disrupt ESP32Marauder evil portals.
Just another proof of concept on LINQ
MicroCPQ is meant to be a proof of concept project to create a simple application with only HTML, CSS, and JavaScript within a single HTML file.
A GUI based program for making customised crypto stealing malware written in python
Project Name: Password Strength Checker. Description: This project is a simple, interactive password strength checker that provides users with real-time feedback on the security level of their passwords. The application includes a dynamic interface and
Roblox Evade Script No Key Pastebin 2025 NEW OP GUI Keyless Undetected 100% Hack Cheat Exploit Byfron Bypass Supports all Executors Autofarm Admin Commands Free Download Free Gamepass PC and Mobile support 100% UNC Redz FPS Booster
An automated disease prediction tool combining web scraping, LLMs (Llama 3.2-1B), and an ID3 Decision Tree algorithm. This project provides an interactive GUI for symptom-based disease diagnosis and serves as a proof of concept for integrating AI into hea
Contains all the file for learning the Spring Security concepts.
Hack for Humanity | 2025
hacking
Proof of concept for creating a CI/CD pipeline with Bamboo
A lightweight, framework-agnostic PHP library designed to enhance the security of your web applications. With easy-to-use tools for input sanitization, security headers, CSRF protection, encryption, and more, PhpSecureGuard helps developers secure their p
A collection of small projects from the Systems and Services Security course.
IoT-Communication-Security
The Library Management System is a secure web app with authentication and role-based access control (RBAC). Admins can manage books using CRUD operations, while users can view and borrow books. Designed for ease of use, it ensures efficient and secure li
Spring-Security_REST-Controllers
Practical projects tailored for beginners to develop and refine fundamental cybersecurity skills through real-world security assessments.
Proof of concept for Solana wallet integration in Svelte. Because virtually everything out there use React.
Abnormal-Security
spring-security2
Gandalf-AI-hacking
Course project repo for Advanced Software Quality and Security course
Roblox Phantom Forces Script No Key Pastebin 2025 NEW OP GUI Keyless Undetected 100% Hack Cheat Exploit Byfron Bypass Supports all Executors Autofarm Admin Commands Free Download Free Gamepass PC and Mobile support 100% UNC Redz FPS Booster
Lightweight app - proof of concept to integrate GoogleAdsAPI to fetch/create Campaigns, AdGroups & Ads
Public reports of FIS Security.
A basic stock order matching engine to process buy and sell orders, matches them based on predefined rules, and maintains order books for different securities.
This is a work-in-progress repository dedicated to sharing various Indicators of Compromise (IOCs) from production systems experiencing security incidents.
A Proof of Concept (PoC) for testing potential Denial of Service (DoS) vulnerabilities in servers using the LabyMod Server API.
Cyber-Security
This repo contains an implementation of JWT in Spring Security
Ready-to-use Fortnite Driver Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, l
main_name_proof_of_concept
Contains the tasks done for Global Hack Week
Welcome to the ultimate Roblox Animal Simulator Script Hack 2025 repository! This GitHub repository provides a comprehensive collection of scripts and tools designed to enhance your gameplay experience in Roblox Animal Simulator. Whether you're looking to
Vulnerable version of the Computer Security course final project
Lessons_Python-for-security-practitioners
This is a task and/or project manager using microservices with Spring Boot, Security, JWT and Docker
DC540 hacking challenge 0x00008 [UNKNOWN CTF].
Website Testing
AWP is a Roblox executor with Luarmor support and 100% UNC compatibility, making it a solid choice for experienced users. With a Level 8 rating owned by Krampus, it remains a neutral option with strong features.
This Hack program demonstrates a stack overflow error due to a non-tail-recursive function.
Hacking around with CYD and BLE
NetHawk is a network security analysis tool with many features; it alerts when network attacks occur, with a score report and the attack path shown as IP addresses.
Prodigi-CyberSecurity
Planning-to-Complete-Security-for-My-RBAC_using_NextJs15-and-NodeJs-for-2025
LifeVault is a digital vault designed to securely manage and share essential documents and data using a decentralized and transparent approach. Built on Hive and IPFS, LifeVault allows users to upload, retrieve, and share files with security, privacy, and
Cyber Security Labs
From beginner to professional, the one and only guide you will ever need for cyber security.
security-project-esp32-sensors-security
ENCRYPT3X is a robust and user-friendly password manager designed with security and simplicity in mind. Built using modern technologies like React, Electron, and TypeScript, it provides a native desktop application experience while following the principle
nilgiri_security
poscodx-spring-security-practices
Text Encryption Web App: A simple tool that allows users to input text, choose an encryption algorithm (AES, RSA, DES), and view the simulated encrypted result. Built with HTML, CSS, and JavaScript, this project serves as an educational demo to understand
This repository contains a collection of cryptographic algorithms and security-related programs used in Computer Network Security (CNS) labs. It includes implementations in Java and C for algorithms like RSA, AES, Blowfish, and more.
This is a Proof of Concept (POC) shopping assistant chatbot, powered by OpenAI
I'm a 10-year-old boy who loves programming and hacking. Here is a collection of pseudoviruses.
SpringSecurityRefreshToken
Subcollector is a powerful tool for passive and active subdomain enumeration, designed to help security researchers and penetration testers.
WebSecurityScanner
SecurityTools_To_Airtable
NetworkSecurity
Artificial Intelligence, PROOF of CONCEPT area. Completing MICROSOFT tutorial on GitHub Copilot SKILLS.
Proof of concept for Dev Ops project
spring-security-practices
Proof of Concept - No-Code Website Builder
Stripe OAuth Proof of Concept
SecurityTesting
Hack-n-slash hero action! Use your commander to fight your way through multiplayer battles, in your very own mighty military machine!
This repository contains how to implement mlops in the cyber security domain
Repository for a course I completed on building REST APIs with NestJS. The course covers key concepts such as using TypeORM for database management, implementing JWT authentication for security, and writing tests to ensure code reliability. A hands-on jou
test-speed-cyber-security
cupidcr4wl is an open-source intelligence username search tool that crawls adult content platforms to see if a targeted account or person is present.
test_security
Exercise for obtaining Hacker News stories through their public API.
Ready-to-use Fortnite Cheat Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undete…
Unlock Master Panel App
This repository contains the source code for a digital store website, built using PHP and MySQL, with several security vulnerabilities
FiveM External cheat, offers various features like aimbot, triggerbot, exploits, and customizable settings, enhancing the gameplay experience. It includes a KeyAuth system for additional security and user management. The cheat is designed to be undetectab
cyberSecurityNotes
PROOF of CONTENT (POC) work and documentation specific to the applications in the projects we work on
This Python tool is a powerful Facebook account verification tool used to check Facebook profiles and save checked accounts to .txt file.
Welcome to the Roblox Game Development Toolkit repository! This project is designed to help developers and enthusiasts explore advanced game mechanics, scripting techniques, and optimization strategies for Roblox games. This repository is strictly for edu
Proof of Concept (PoC) for a backend component of a "Booking Data Ingestion System."
Proof of concept alternative keyboard for the Steam Deck and Steam Controller.
Group project App where users can share a list of their favorite songs with their friends and family, resulting in a greatest songs of all time master list. Created proof of concept for a single user.
All Of My Gimkit Hacks
A collection of Open-Source Intelligence resources.
Proof of concept for postmark issue #128
A microcontroller-based Smart Home System integrating a 4x4 keypad, ultrasonic sensor, KY-026 flame sensor, servo motor, LCD display, and fan control. Built for enhanced security, automation, and energy efficiency, this system demonstrates the capab
Project for Hack For Good 2025 by Fang Yi, Xin Yi, Skyler
S25_CSS_G0_GDP is a repository to teach students the contents of Computer Systems Security
Secured website with JWT and cookies
Comprehensive guide and tools for protecting Ubuntu and Debian servers against Brute Force and DDoS attacks. This repository covers key techniques for server security, real-time monitoring, attack mitigation, and automated defense mechanisms.
🔒 Permix is a lightweight, framework-agnostic, type-safe permissions management library for JavaScript applications on the client and server sides.
CI/CD using scan actions for Container Security
In this repository, the code of my solution for the AWS i-Hack AWS Financial Security Hackathon 2025 has been deployed.
An Arduino based Proof-of-Concept for Potential ET Communication
Spring Boot 3 + Spring Security 6 - JWT Authentication and Authorization
Security script
Security
The WinRAR Exploit Builder is a C# project designed to create an exploit targeting a vulnerability in WinRAR.
Proof of Concept of Github Actions
A mini project focusing on security in the client-server relationship, covering security concerns like end-to-end encryption and data encryption
Learn & Develop Microservices with Java, Spring Boot, Spring Cloud, Docker, Kubernetes, Helm, Microservices Security
BADDADAN is a proof of concept which combines mechanistic modelling with machine learning to study the response of A. thaliana to stress
Cosmic-security
JWT_Security_study
AISecLists - Your AI Red Teaming Arsenal. Discover a curated collection of prompt lists for diverse AI security assessments, including LLM jailbreaks, prompt injection, information disclosure, and more
Team Incognito's entry for Hack For Good 2025
Secure Banking Application focuses on building an architecture that involves services ranging from security to an AI agent for a better customer experience.
CSE194: Hacking History and Culture (Spring 2025) class site and documents
A secure messaging platform built with React, designed for enterprise use with end-to-end encryption and strict security measures.
Tracking the waiting time for security check at the Oslo airport using GitHub Actions.
A group project from Hack Your Future Cohort 51. This is a quiz app about video games. Find out if you are a veteran gamer!
Ethical hacking utilities for testing Wi-Fi network security and monitoring.
ASP.NET Core user delegated access token management
Digital security guides for activists and organizers - https://activistchecklist.org
Aether is an open-source webcam security tool that automatically captures and encrypts photos during system access attempts. Operating entirely offline with local storage, it provides a simple yet powerful way to monitor and secure your system while maint
This stateless microservice manages user authentication and authorization, ensuring secure access to system endpoints. It uses JWT for authentication and Spring Security for authorization, with no need for server-side session storage. The service provides
FTP-configuration-and-security
Blockchain Solutions is a project dedicated to building innovative decentralized tools for blockchain integration. Features include Account Abstraction, smart contract templates, and decentralized identity management. Built with cutting-edge blockchain fr
Project for the "Special Topics in Information Security" discipline.
proof-of-concept
An eCommerce platform built with Symfony. The platform integrates user authentication, security measures, and a cart system to ensure a seamless shopping experience. It includes product listings, user account management, and order processing. This project follows
The DSecO project is a data model for representing and reasoning on Domain Name System (DNS) data. The ontology is developed using web technologies (e.g. RDF, OWL, SKOS) and is intended as a structure for realizing a DNS Knowledge Graph (KG) for administr
A thick-client app for Linux, designed to be vulnerable, a.k.a. Linux-Damn-Vulnerable-Thick-Client or Linux-Thick-Client-GOAT
Senserva Inq.Uisitor is an easy way to monitor and manage the security of all the Azure EntraID tenants you manage. Works for IT and Security Teams out of the box. Advanced customizations also easily done.
MERN Stack Auth & Password Reset: A MERN stack app featuring secure user authentication (signup, login, logout) with JWT, and an email-based password reset system. Built with MongoDB, Express, React, and Node, it follows best practices in security, valid
Runtimes for Senserva - early beta please contact us for assistance and information. These are runtimes only, source available upon request and approval by Senserva.
spring boot 3 + spring security + Java 21
bitpixie proof of concept
Explore the blueprint behind upgrading a healthcare office’s SOHO network to enterprise standards: Cisco hardware, fiber cabling, cloud security, segmentation, cybersecurity, & HIPAA-compliant protection.
Study SpringSecurity
Manipal Information Security Team Web Development Bootcamp Work
spring-bank-security
Global Hack Week by MLH is an event series designed to encourage skill development through structured challenges. This repository documents my journey and solutions for each coding challenge, focusing on problem-solving and algorithm development.
raspi_store_security
This mod adds industrial elements that combine industry, agriculture, and transportation, fantasy magic and fairy science systems, an incredible hack-and-slash RPG combat system, and a super-complex element centered on endless exploration. It provides an
This is a Cloud Security using AI project.
springboot3.4.0 :: jdk21(lts) :: spring security :: JWT :: JPA :: TDD :: RestDocs
Presentation for BS7204: Network Security and Penetration Testing
OAuth2/OpenID authentication and authorization server.
Learn Docker fundamentals, build and deploy containerized applications, and explore advanced topics like security, networking, and CI/CD integration.
ai_security_project
Cyber_security
This is a Spring Boot Project using Spring_Boot and Spring_Security etc...
Cyber-Security-Epicode
cloud-security-homelab
Cybersecurity Project: Monoalphabetic Encoder, Decoder, Brute-Force and Frequency-Analysis Attacker, and Implementation of Security Protocols Using Quantum Computing
This repository is the main source for my IT-Security module in my Master's. It covers a presentation and a paper with a brief but in-depth explanation of how fuzzers work. The paper also covers ideas and approaches to include machine learning in a fuzzer to m
A proof of concept for the MatriXSS application, built with Flask.
This is a Decentralized Personal Health Record System (DPHRS) built on the Ethereum blockchain. It aims to give patients more control, privacy, and security over their medical data by decentralizing storage and access.
A proof-of-concept tool for linking Minecraft player accounts with Discord profiles using unique verification codes. Not intended for production use.
Website Security Research Project - Oregon State University
This is a fun proof of concept for a personal assistant using the OpenAI Realtime API.
broken-security
💃 A type-safe, secure SQLite query builder with D1/Turso support and built-in migrations and security features.
A Proof of Concept for a Human Resources Management System built with Next.js for the frontend and Express.js for the backend.
Hacking-Scripts
Experimental AI agents hacks
A tool for generating optimised schedules for a team of private security guards, incorporating availability constraints, preferences and training. Based on Flask, OR-Tools and Vue.js, it offers an intuitive interface and results tailored to professional n
Proof of Concept for RIP-7755
A binary authorization and monitoring system for macOS
[UPDATE] 🛜 WiFi-Grabber collects Wi-Fi SSIDs and passwords and sends the logs to a Discord channel via webhook and more.
App Passwords Web API and Integration for Dovecot
Zen protects your Java app against attacks with one line of code. Get peace of mind— at runtime.
Vallem Security Group's open source analysis and vulnerability scanner.
The EDSA Main Website is built with Vue.js, Tailwind CSS, Node.js, and Firebase. It features AI learning resources, membership options, certifications, and standard logins via Google and LinkedIn. Deployed on Netlify, it ensures scalability and security t
Hacking reports and supporting material for the LLM hacking study
A secure and user-friendly key management solution for the Push chain, enabling seamless multi-chain interactions with advanced security and privacy features.
HackSmithScripts is a public GitHub repository offering a variety of tools and scripts for hacking, pentesting, red teaming, and vulnerability scanning. Ideal for cybersecurity professionals, penetration testers, and ethical hackers.
securityLit
Proof-of-concept gir parser developed in Vala
List of InfoSec/Hacker Cons
ESP32 based, hacked together modular-synth like thing for possible educational use.
A repository containing the material used on the Contributor9 Tistory blog.
KeyMan is a password manager app built using Kotlin and Jetpack Compose, leveraging Room database for storage and AES encryption for maximum security.
proof of concept dating app using dotnet and angular
THE HACK
🧪 Proof of Concept for a RESTful API made with Node.js 20 (LTS) and Express.js 4 in TypeScript
Persistent data centric security that extends owner control wherever data travels
🧪 Proof of Concept for a RESTful API made with Go and Gin
Notes for hack the box and other lab machines
🧪 Proof of Concept for a Web API made with .NET 8 (LTS) and ASP.NET Core 8.0
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.
AI FAQ Proof-of-Concept project: it provides a chatbot that replies to the questions on Hyperledger Ecosystem
A tool for deobfuscating JavaScript code protected by JSDefender to make it easier to analyse
Proof-of-concept exploit for the Solana transaction simulation bypass.
Software Supply Chain Security Platform
Helm charts for running open source digital forensic tools in Kubernetes
Dataset tools for acquiring and investigating hacker news
Desktop application to check security aspects like OS (Windows, Linux, MacOS) patches and application updates.
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address poten
Solidity, Defi, and blockchain security resources.
An Angular JWT authentication library with authentication service, route guard, interceptor and login modal to get your Angular app authentication setup in a breeze 😎
Automation
a pi-zero powered hacking tool, with badusb capabilities and hoaxshell payload generation and injection; the little sibling of the unfortunately dead p4wnp1-aloa
Drop-in proof-of-concept Astro app, fully integrated with your ButterCMS account
Simple client for interacting with the IKEA Dirigera hub (made as a proof-of-concept)
This is a simple Keylogger project designed to log keystrokes on a computer. It serves as an educational and awareness tool for understanding potential security risks related to keyloggers. Please use this responsibly and only on systems you own or have e
Proofs of Concept
This repository contains a simple geolocation API microservice, fast, reliable, Kubernetes-friendly and ready, written in Go as a proof of concept.
Drop-in proof-of-concept Angular app, fully integrated with your ButterCMS account
Drop-in proof-of-concept Nuxt.JS, fully integrated with your ButterCMS account
Security Auditor Utility for GraphQL APIs
My first freelance job back in 2021. This is a landing page developed in React following mobile-first principles. This project was created for a real client who wanted this landing page proof of concept (PoC) for their project.
The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
Various Proof of Concept Materials/Shaders/PostPro
Beaver Hacks website
the only repository you've ever needed. supercharge your application today with this ultra performant library.
SOOS Security Analysis CI for GitHub Actions
A repository for my study activities
Secweb is a pack of security middlewares for FastAPI and Starlette servers; it includes CSP, HSTS, and many more
This repository showcases demonstrations and scenarios using Microsoft Cloud technologies. Please note that these demos are intended as a guide and are based on my personal experiences.
HTML5 make qr code hacks
a collection about macOS
Best-practices security made usable.
Neovim configuration with some personal hacks.
CodeQL Security Queries
Creating a resource to help build and manage an Insider Threat program.
Advanced phishing tool with custom URL tunneling hosted by LocalTunnel, Ngrok, Cloudflare
EMBA - The firmware security analyzer
The digital home of engineer, educator, event organizer, security nerd, and artist Nicholas Young.
security-filter-tools
Portability shim for OpenBSD's rpki-client
Basic Atomic Swap Proof of Concept
Repository of various security and operational indicators collected while simulating the common adversary TTPs
🐣 Hacking with Swift Challenges and Tutorials
Hack the World using Termux
❄️ Firmware and simulator for Coldcard Hardware Wallet
NATflow hack kernel module
Pythonic WebAuthn 🐍
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Very Simple Proof of Concept Parser for Simple Arithmetic Expressions.
Archive - Repository contains old publicly released presentations, tools, Proof of Concepts and other junk.
Application Security Verification Standard
Apache Syncope
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
SAFETAG is a curriculum, a methodology, and a framework for security auditors working with advocacy groups.
Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
A p2p, secure file storage, social network and application protocol
CVE-2018-9387 -- In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat
CVE-2018-9389 -- In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi
CVE-2018-9401 -- In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita
CVE-2018-9405 -- In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9406 -- In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9461 -- In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio
CVE-2018-9464 -- In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-50739 -- A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
CVE-2024-11923 -- Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3
CVE-2017-13322 -- In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User int
CVE-2018-9375 -- In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User in
CVE-2018-9379 -- In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not
CVE-2018-9382 -- In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. U
CVE-2018-9383 -- In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9384 -- In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9434 -- In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9447 -- In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is n
CVE-2021-21158 -- Rejected reason: Further investigation determines issue is not within scope of this CNA
CVE-2022-0303 -- Rejected reason: Further investigation determines issue is not a vulnerability
CVE-2023-50738 -- A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to
CVE-2024-10497 -- CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an
CVE-2024-10799 -- The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above,
CVE-2024-11139 -- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that
CVE-2024-11146 -- TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version
CVE-2024-11425 -- CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the
CVE-2024-12142 -- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could
CVE-2024-12203 -- The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic
CVE-2024-12370 -- The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms
CVE-2024-12399 -- CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability
CVE-2024-12466 -- The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti
CVE-2024-12476 -- CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
CVE-2024-12508 -- The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on
CVE-2024-12598 -- The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible
CVE-2024-12637 -- The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user
CVE-2024-12703 -- CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity
CVE-2024-12757 -- Nedap Librix Ecoreader
CVE-2024-13026 -- A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory
CVE-2024-13333 -- The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subsc
CVE-2024-13366 -- The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att
CVE-2024-13367 -- The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level acce
CVE-2024-13377 -- The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate
CVE-2024-13378 -- The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for
CVE-2024-13386 -- The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat
CVE-2024-13398 -- The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supp
CVE-2024-13401 -- The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on us
CVE-2024-13434 -- The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for un
CVE-2024-13502 -- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.
CVE-2024-13503 -- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclu
CVE-2024-26153 -- All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19
CVE-2024-26157 -- All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
CVE-2024-34579 -- Fuji Electric Alpha5 SMART
CVE-2024-45832 -- Hard-coded credentials were included as part of the application binary.
CVE-2024-50967 -- The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.
CVE-2024-51462 -- IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
CVE-2024-52363 -- IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2024-52870 -- Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.
CVE-2024-53683 -- A valid set of credentials in a .js file and a static token for
CVE-2024-54681 -- Multiple bash files were present in the application's private directory.
CVE-2024-57030 -- WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.
CVE-2024-57031 -- WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.
CVE-2024-57032 -- WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.
CVE-2024-57033 -- WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php.
CVE-2024-57034 -- WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.
CVE-2024-57035 -- WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php.
CVE-2024-57252 -- OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can read system files arbitrarily.
CVE-2024-57369 -- Clickjacking vulnerability in typecho v1.2.1.
CVE-2024-57370 -- Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter.
CVE-2024-57372 -- Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters.
CVE-2025-0430 -- Belledonne Communications Linphone-Desktop
CVE-2025-0527 -- A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to sql injection. T
CVE-2025-0528 -- A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to com
CVE-2025-0529 -- A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. At
CVE-2025-0530 -- A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The a
CVE-2025-0531 -- A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remo
CVE-2025-0532 -- A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible
CVE-2025-0533 -- A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument una
CVE-2025-0534 -- A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username lea
CVE-2025-0535 -- A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to init
CVE-2025-0536 -- A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection.
CVE-2025-0537 -- A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cro
CVE-2025-0538 -- A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting.
CVE-2025-0540 -- A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The attack can be i
CVE-2025-0541 -- A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack m
CVE-2025-21185 -- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2025-21399 -- Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
CVE-2025-21606 -- stats is a macOS system monitor for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.H
CVE-2025-23039 -- Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execu
CVE-2025-23202 -- Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vu
CVE-2025-23205 -- nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default
CVE-2025-23206 -- The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprin
CVE-2025-23207 -- KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generat
CVE-2025-23208 -- zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing
CVE-2018-25108 -- An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
CVE-2021-35684 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2022-21306.
CVE-2021-35685 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2022-21371.
CVE-2022-21384 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2021-39275.
CVE-2023-22139 -- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is mistakenly published by the other party.
CVE-2023-4319 -- Rejected reason: This CVE ID is a reservation duplicate of CVE-2023-4677. Notes: All CVE users should reference CVE-2023-4677 instead of this CVE ID.
CVE-2024-10789 -- The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for un
CVE-2024-10970 -- The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly val
CVE-2024-11452 -- The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escap
CVE-2024-12226 -- In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 a
CVE-2024-12427 -- The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attacke
CVE-2024-12613 -- The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient p
CVE-2024-12614 -- The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible
CVE-2024-12615 -- The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient pr
CVE-2024-13355 -- The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() function in all versions up to, and including, 13.2. This make
CVE-2024-13387 -- The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attribute
CVE-2024-36402 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to th
CVE-2024-36403 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of re
CVE-2024-37181 -- Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2024-40513 -- An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.
CVE-2024-40514 -- Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.
CVE-2024-41746 -- IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d
CVE-2024-45331 -- An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6
CVE-2024-46450 -- Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVE-2024-48460 -- An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.
CVE-2024-48885 -- An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 t
CVE-2024-50563 -- A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud ver
CVE-2024-50633 -- A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals.
CVE-2024-52594 -- Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advis
CVE-2024-52602 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fi
CVE-2024-52791 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing,
CVE-2024-53553 -- An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.
CVE-2024-54660 -- A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Dr
CVE-2024-55511 -- A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable.
CVE-2024-55954 -- OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarch
CVE-2024-56136 -- Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user c
CVE-2024-56515 -- Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbn
CVE-2024-57159 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
CVE-2024-57160 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
CVE-2024-57161 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html.
CVE-2024-57162 -- Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.
CVE-2024-57575 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVE-2024-57577 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVE-2024-57578 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
CVE-2024-57579 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVE-2024-57580 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVE-2024-57581 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2024-57582 -- Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVE-2024-57583 -- Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
CVE-2024-57611 -- 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
CVE-2024-57676 -- An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
CVE-2024-57677 -- An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
CVE-2024-57678 -- An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.
CVE-2024-57679 -- An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.
CVE-2024-57680 -- An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.
CVE-2024-57681 -- An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.
CVE-2024-57682 -- An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
CVE-2024-57683 -- An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.
CVE-2024-57684 -- An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
CVE-2024-57703 -- Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.
CVE-2024-57704 -- Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow.
CVE-2024-57768 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVE-2024-57769 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVE-2024-57770 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVE-2024-57771 -- A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57772 -- A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57773 -- A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57774 -- A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57775 -- JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVE-2024-57776 -- A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-57784 -- An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
CVE-2024-57785 -- Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.
CVE-2025-0170 -- The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possibl
CVE-2025-0455 -- The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-0456 -- The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords.
CVE-2025-0457 -- The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
CVE-2025-0471 -- Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.
CVE-2025-0472 -- Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.
CVE-2025-0473 -- Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoi
CVE-2025-0476 -- Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment
CVE-2025-0518 -- Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .
CVE-2025-20072 -- Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.
CVE-2025-20621 -- Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating
CVE-2025-20630 -- Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.
CVE-2025-22904 -- RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
CVE-2025-22905 -- RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.
CVE-2025-22906 -- RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.
CVE-2025-22907 -- RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
CVE-2025-22912 -- RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
CVE-2025-22913 -- RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.
CVE-2025-22916 -- RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.
CVE-2025-23198 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions u
CVE-2025-23199 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When
CVE-2025-23200 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When
CVE-2025-23201 -- librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious
CVE-2025-23423 -- Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SendGrid for WordPress: from n/a through 1.4.
CVE-2025-23424 -- Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny – Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery. This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0.
CVE-2025-23426 -- Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS. This issue affects go Social: from n/a through 1.0.
CVE-2025-23429 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altimawebsystems.com Altima Lookbook Free for WooCommerce allows Reflected XSS. This issue affects Altima Lookbook Free for WooCommerce: from n/a through
CVE-2025-23430 -- Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS. This issue affects Mass Custom Fields Manager: from n/a through 1.5.
CVE-2025-23432 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report allows Reflected XSS. This issue affects AlT Report: from n/a through 1.12.0.
CVE-2025-23434 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Albertolabs.com Easy EU Cookie law allows Stored XSS. This issue affects Easy EU Cookie law: from n/a through 1.3.3.1.
CVE-2025-23435 -- Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS. This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0.
CVE-2025-23436 -- Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS. This issue affects Wp-Scribd-List: from n/a through 1.2.
CVE-2025-23438 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarvinLabs WP PT-Viewer allows Reflected XSS. This issue affects WP PT-Viewer: from n/a through 2.0.2.
CVE-2025-23442 -- Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS. This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3.
CVE-2025-23444 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Scroll Top Advanced allows Stored XSS. This issue affects Scroll Top Advanced: from n/a through 2.5.
CVE-2025-23445 -- Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery. This issue affects Easy Tynt: from n/a through 0.2.5.1.
CVE-2025-23452 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce – eBook Sales with DRM allows Reflected XSS. This issue affects EditionGuard for WooCommerce – eBook Sa
CVE-2025-23453 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer allows Reflected XSS. This issue affects Stars SMTP Mailer: from n/a through 1.7.
CVE-2025-23455 -- Cross-Site Request Forgery (CSRF) vulnerability in mastersoftwaresolutions WP VTiger Synchronization allows Stored XSS. This issue affects WP VTiger Synchronization: from n/a through 1.1.1.
CVE-2025-23456 -- Cross-Site Request Forgery (CSRF) vulnerability in Somethinkodd.com Development Team EmailShroud allows Reflected XSS. This issue affects EmailShroud: from n/a through 2.2.1.
CVE-2025-23463 -- Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post allows Stored XSS. This issue affects MD Custom content after or before of post: from n/a through 1.0.
CVE-2025-23467 -- Cross-Site Request Forgery (CSRF) vulnerability in Vimal Ghorecha RSS News Scroller allows Stored XSS. This issue affects RSS News Scroller: from n/a through 2.0.0.
CVE-2025-23470 -- Cross-Site Request Forgery (CSRF) vulnerability in X Villamuera Visit Site Link enhanced allows Stored XSS. This issue affects Visit Site Link enhanced: from n/a through 1.0.
CVE-2025-23471 -- Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS. This issue affects ECT Add to Cart Button: from n/a through 1.4.
CVE-2025-23476 -- Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through 1.1.
CVE-2025-23483 -- Cross-Site Request Forgery (CSRF) vulnerability in Niklas Olsson Universal Analytics Injector allows Stored XSS. This issue affects Universal Analytics Injector: from n/a through 1.0.3.
CVE-2025-23497 -- Cross-Site Request Forgery (CSRF) vulnerability in Albdesign Simple Project Manager allows Stored XSS. This issue affects Simple Project Manager: from n/a through 1.2.2.
CVE-2025-23499 -- Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election allows Stored XSS. This issue affects Board Election: from n/a through 1.0.1.
CVE-2025-23501 -- Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA allows Stored XSS. This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through 1.0.1.
CVE-2025-23508 -- Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options – Favicons allows Stored XSS. This issue affects Extra Options – Favicons: from n/a through 1.1.0.
CVE-2025-23510 -- Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS. This issue affects WordPress Logging Service: from n/a through 1.5.4.
CVE-2025-23511 -- Cross-Site Request Forgery (CSRF) vulnerability in Viktoria Rei Bauer WP-BlackCheck allows Stored XSS. This issue affects WP-BlackCheck: from n/a through 2.7.2.
CVE-2025-23513 -- Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS. This issue affects Bible Embed: from n/a through 0.0.4.
CVE-2025-23514 -- Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Loginplus: from n/a through 1.2.
CVE-2025-23528 -- Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation. This issue affects DD Roles: from n/a through 4.1.
CVE-2025-23530 -- Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Custom Post Type Lockdown allows Privilege Escalation. This issue affects Custom Post Type Lockdown: from n/a through 1.11.
CVE-2025-23532 -- Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget allows Privilege Escalation. This issue affects MyAnime Widget: from n/a through 1.0.
CVE-2025-23533 -- Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS. This issue affects WP Lyrics: from n/a through 0.4.1.
CVE-2025-23537 -- Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS. This issue affects add custom google tag manager: from n/a through 1.0.3.
CVE-2025-23547 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Login Page allows Reflected XSS. This issue affects LH Login Page: from n/a through 2.14.
CVE-2025-23557 -- Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps allows Stored XSS. This issue affects Find Your Reps: from n/a through 1.2.
CVE-2025-23558 -- Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS. This issue affects Geotagged Media: from n/a through 0.3.0.
CVE-2025-23559 -- Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS. This issue affects MemeOne: from n/a through 2.0.5.
CVE-2025-23560 -- Cross-Site Request Forgery (CSRF) vulnerability in Elke Hinze, Plumeria Web Design Web Testimonials allows Stored XSS. This issue affects Web Testimonials: from n/a through 1.2.
CVE-2025-23566 -- Cross-Site Request Forgery (CSRF) vulnerability in Syed Amir Hussain Custom Post allows Stored XSS. This issue affects Custom Post: from n/a through 1.0.
CVE-2025-23567 -- Cross-Site Request Forgery (CSRF) vulnerability in Intuitive Design GDReseller allows Stored XSS. This issue affects GDReseller: from n/a through 1.6.
CVE-2025-23569 -- Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment allows Stored XSS. This issue affects Shortcode in Comment: from n/a through 1.1.1.
CVE-2025-23572 -- Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka, Martin Scharm UpDownUpDown allows Stored XSS. This issue affects UpDownUpDown: from n/a through 1.1.
CVE-2025-23573 -- Cross-Site Request Forgery (CSRF) vulnerability in Sam Burdge WP Background Tile allows Stored XSS. This issue affects WP Background Tile: from n/a through 1.0.
CVE-2025-23577 -- Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener allows Stored XSS. This issue affects Word Freshener: from n/a through 1.3.
CVE-2025-23617 -- Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Floatbox Plus allows Stored XSS. This issue affects Floatbox Plus: from n/a through 1.4.4.
CVE-2025-23618 -- Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS. This issue affects Twitter Shortcode: from n/a through 0.9.
CVE-2025-23620 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie – Captcha by Selfie allows Reflected XSS. This issue affects Captchelfie – Captcha by Selfie: from n/a through 1.0.7.
CVE-2025-23623 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on allows Reflected XSS. This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through 1.0.
CVE-2025-23627 -- Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS. This issue affects Comment-Emailer: from n/a through 1.0.5.
CVE-2025-23639 -- Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS. This issue affects MDC YouTube Downloader: from n/a through 3.0.0.
CVE-2025-23640 -- Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS. This issue affects Rename Author Slug: from n/a through 1.2.0.
CVE-2025-23641 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Ehrhardt Powie's pLinks PagePeeker allows DOM-Based XSS. This issue affects Powie's pLinks PagePeeker: from n/a through 1.0.2.
CVE-2025-23642 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through 2.0.
CVE-2025-23644 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kuepper QuoteMedia Tools allows DOM-Based XSS. This issue affects QuoteMedia Tools: from n/a through 1.0.
CVE-2025-23649 -- Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS. This issue affects Auphonic Importer: from n/a through 1.5.1.
CVE-2025-23654 -- Cross-Site Request Forgery (CSRF) vulnerability in Vinícius Krolow Twitter Post allows Stored XSS. This issue affects Twitter Post: from n/a through 0.1.
CVE-2025-23659 -- Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegykozi MercadoLibre Integration allows Stored XSS. This issue affects MercadoLibre Integration: from n/a through 1.1.
CVE-2025-23660 -- Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS. This issue affects MFPlugin: from n/a through 1.3.
CVE-2025-23661 -- Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS. This issue affects NV Slider: from n/a through 1.6.
CVE-2025-23662 -- Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS. This issue affects WP Panoramio: from n/a through 1.5.0.
CVE-2025-23664 -- Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem allows Stored XSS. This issue affects Real Seguro Viagem: from n/a through 2.0.5.
CVE-2025-23665 -- Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS. This issue affects RSV GMaps: from n/a through 1.5.
CVE-2025-23673 -- Cross-Site Request Forgery (CSRF) vulnerability in Don Kukral Email on Publish allows Stored XSS. This issue affects Email on Publish: from n/a through 1.5.
CVE-2025-23675 -- Cross-Site Request Forgery (CSRF) vulnerability in SandyIN Import Users to MailChimp allows Stored XSS. This issue affects Import Users to MailChimp: from n/a through 1.0.
CVE-2025-23677 -- Cross-Site Request Forgery (CSRF) vulnerability in DSmidgy HTTP to HTTPS link changer by Eyga.net allows Stored XSS. This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through 0.2.4.
CVE-2025-23689 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS. This issue affects Blogger Image Import: from 2.1 through n/a.
CVE-2025-23690 -- Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place allows Stored XSS. This issue affects Book a Place: from n/a through 0.7.1.
CVE-2025-23691 -- Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino García Send to Twitter allows Stored XSS. This issue affects Send to Twitter: from n/a through 1.7.2.
CVE-2025-23692 -- Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Slider for Writers allows Stored XSS. This issue affects Slider for Writers: from n/a through 1.3.
CVE-2025-23693 -- Cross-Site Request Forgery (CSRF) vulnerability in Stanislaw Skonieczny Secure CAPTCHA allows Stored XSS. This issue affects Secure CAPTCHA: from n/a through 1.2.
CVE-2025-23694 -- Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Shabbos and Yom Tov allows Stored XSS. This issue affects Shabbos and Yom Tov: from n/a through 1.9.
CVE-2025-23698 -- Cross-Site Request Forgery (CSRF) vulnerability in Iván R. Delgado Martínez WP Custom Google Search allows Stored XSS. This issue affects WP Custom Google Search: from n/a through 1.0.
CVE-2025-23699 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechMix Event Countdown Timer Plugin by TechMix allows Reflected XSS. This issue affects Event Countdown Timer Plugin by TechMix: from n/a through 1.4.
CVE-2025-23702 -- Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links allows Stored XSS. This issue affects Anonymize Links: from n/a through 1.1.
CVE-2025-23703 -- Cross-Site Request Forgery (CSRF) vulnerability in CS : ABS-Hosting.nl / Walchum.net Free MailClient FMC allows Stored XSS. This issue affects Free MailClient FMC: from n/a through 1.0.
CVE-2025-23708 -- Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable allows Stored XSS. This issue affects DF Draggable: from n/a through 1.13.2.
CVE-2025-23710 -- Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds allows Stored XSS. This issue affects Flying Twitter Birds: from n/a through 1.8.
CVE-2025-23712 -- Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allows Stored XSS. This issue affects Kapost: from n/a through 2.2.9.
CVE-2025-23713 -- Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Hack me if you can allows Stored XSS. This issue affects Hack me if you can: from n/a through 1.2.
CVE-2025-23715 -- Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS. This issue affects Post & Page Notes: from n/a through 0.1.1.
CVE-2025-23717 -- Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My Ontraport Smartform allows Stored XSS. This issue affects Theme My Ontraport Smartform: from n/a through 1.2.11.
CVE-2025-23720 -- Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push allows Stored XSS. This issue affects Web Push: from n/a through 1.4.0.
CVE-2025-23743 -- Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS. This issue affects Social Analytics: from n/a through 0.2.
CVE-2025-23745 -- Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS. This issue affects Call me Now: from n/a through 1.0.5.
CVE-2025-23749 -- Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS. This issue affects mybb Last Topics: from n/a through 1.0.
CVE-2025-23760 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.
CVE-2025-23761 -- Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
CVE-2025-23764 -- Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6.
CVE-2025-23765 -- Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery. This issue affects W3SPEEDSTER: from n/a through 7.33.
CVE-2025-23767 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revolutionart Marmoset Viewer allows Stored XSS. This issue affects Marmoset Viewer: from n/a through 1.9.3.
CVE-2025-23772 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petullà imaGenius allows Stored XSS. This issue affects imaGenius: from n/a through 1.7.
CVE-2025-23775 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS. This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2.
CVE-2025-23776 -- Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.
CVE-2025-23777 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS. This issue affects GDPR Personal Data Reports: from n/a through 1.0.5.
CVE-2025-23778 -- Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Sync ActiveCampaign: from n/a through 1.3.2.
CVE-2025-23779 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection. This issue affects ResAds: from n/a through 2.0.5.
CVE-2025-23780 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection. This issue affects Easy Code Snippets: from n/a through 1.0.2.
CVE-2025-23783 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net allows Stored XSS. This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through 201
CVE-2025-23785 -- Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Responsive Gallery Album: from n/a through 1.4.
CVE-2025-23791 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS. This issue affects Horizontal Line Shortcode: from n/a through 1.0.
CVE-2025-23793 -- Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1.
CVE-2025-23794 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS. This issue affects wp_amaps: from n/a through 1.7.
CVE-2025-23795 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gold Plugins Easy FAQs allows Stored XSS. This issue affects Easy FAQs: from n/a through 3.2.1.
CVE-2025-23796 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Patel Easy Portfolio allows Stored XSS. This issue affects Easy Portfolio: from n/a through 1.3.
CVE-2025-23797 -- Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation. This issue affects WP Options Editor: from n/a through 1.1.
CVE-2025-23800 -- Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery. This issue affects OrangeBox: from n/a through 3.0.0.
CVE-2025-23801 -- Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS. This issue affects Style Admin: from n/a through 1.4.3.
CVE-2025-23802 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS. This issue affects WP-Revive Adserver: from n/a through 2.2.1.
CVE-2025-23804 -- Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS. This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0.
CVE-2025-23805 -- Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through 1.3.15.
CVE-2025-23807 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS. This issue affects Spiderpowa Embed PDF: from n/a through 1.0.
CVE-2025-23808 -- Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS. This issue affects Custom List Table Example: from n/a through 1.4.1.
CVE-2025-23810 -- Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS. This issue affects Len Slider: from n/a through 2.0.11.
CVE-2025-23815 -- Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6.
CVE-2025-23816 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4.
CVE-2025-23817 -- Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS. This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0.
CVE-2025-23818 -- Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through 1.0.3.
CVE-2025-23820 -- Cross-Site Request Forgery (CSRF) vulnerability in Laxman Thapa Content Security Policy Pro allows Cross Site Request Forgery. This issue affects Content Security Policy Pro: from n/a through 1.3.5.
CVE-2025-23821 -- Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery. This issue affects WP Cookies Alert: from n/a through 1.1.1.
CVE-2025-23822 -- Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery. This issue affects Category Custom Fields: from n/a through 1.0.
CVE-2025-23823 -- Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery. This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1.
CVE-2025-23824 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS. This issue affects FontAwesome.io ShortCodes: from n/a through 1.0.
CVE-2025-23825 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Thorpe Easy Shortcode Buttons allows Stored XSS. This issue affects Easy Shortcode Buttons: from n/a through 1.2.
CVE-2025-23826 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Predrag Supurovic Stop Comment Spam allows Stored XSS. This issue affects Stop Comment Spam: from n/a through 0.5.3.
CVE-2025-23827 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS. This issue affects Strx Magic Floating Sidebar Maker: from n/a through 1.4.1.
CVE-2025-23828 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS. This issue affects WordPress Data Guard: from n/a through 8.
CVE-2025-23830 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jobair JB Horizontal Scroller News Ticker allows DOM-Based XSS. This issue affects JB Horizontal Scroller News Ticker: from n/a through 1.0.
CVE-2025-23831 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rene Hermenau QR Code Generator allows DOM-Based XSS. This issue affects QR Code Generator: from n/a through 1.2.6.
CVE-2025-23832 -- Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup allows Stored XSS. This issue affects Admin Cleanup: from n/a through 1.0.2.
CVE-2025-23833 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter allows DOM-Based XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.
CVE-2025-23841 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikos M. Top Flash Embed allows Stored XSS. This issue affects Top Flash Embed: from n/a through 0.3.4.
CVE-2025-23842 -- Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin: from n/a through 1.4.
CVE-2025-23844 -- Cross-Site Request Forgery (CSRF) vulnerability in wellwisher Custom Widget Classes allows Cross Site Request Forgery. This issue affects Custom Widget Classes: from n/a through 1.1.
CVE-2025-23848 -- Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Hotspots Analytics allows Stored XSS. This issue affects Hotspots Analytics: from n/a through 4.0.12.
CVE-2025-23854 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YesStreaming.com Shoutcast and Icecast Internet Radio Hosting Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com allows Stored XSS. This iss
CVE-2025-23856 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia Simple Vertical Timeline allows DOM-Based XSS. This issue affects Simple Vertical Timeline: from n/a through 0.1.
CVE-2025-23859 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joshua Wieczorek Daily Proverb allows Stored XSS. This issue affects Daily Proverb: from n/a through 2.0.3.
CVE-2025-23860 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyouth { rob.panes } Charity-thermometer allows Stored XSS. This issue affects Charity-thermometer: from n/a through 1.1.2.
CVE-2025-23861 -- Cross-Site Request Forgery (CSRF) vulnerability in Katz Web Services, Inc. Debt Calculator allows Cross Site Request Forgery. This issue affects Debt Calculator: from n/a through 1.0.1.
CVE-2025-23862 -- Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1.
CVE-2025-23863 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eiji ‘Sabaoh’ Yamada Rollover Tab allows Stored XSS. This issue affects Rollover Tab: from n/a through 1.3.2.
CVE-2025-23864 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Code Snippets (Luke America) WCS QR Code Generator allows Stored XSS. This issue affects WCS QR Code Generator: from n/a through 1.0.
CVE-2025-23865 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pressfore Winning Portfolio allows Stored XSS. This issue affects Winning Portfolio: from n/a through 1.1.
CVE-2025-23868 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markus Liebelt Chess Tempo Viewer allows Stored XSS. This issue affects Chess Tempo Viewer: from n/a through 0.9.5.
CVE-2025-23869 -- Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.k.a CyberJack CJ Custom Content allows Stored XSS. This issue affects CJ Custom Content: from n/a through 2.0.
CVE-2025-23870 -- Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0.
CVE-2025-23871 -- Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery. This issue affects LSD Google Maps Embedder: from n/a through 1.1.
CVE-2025-23872 -- Cross-Site Request Forgery (CSRF) vulnerability in PayForm PayForm allows Stored XSS. This issue affects PayForm: from n/a through 2.0.
CVE-2025-23873 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshi Solutions Category D3 Tree allows Stored XSS. This issue affects Category D3 Tree: from n/a through 1.1.
CVE-2025-23875 -- Cross-Site Request Forgery (CSRF) vulnerability in Tim Ridgway Better Protected Pages allows Stored XSS. This issue affects Better Protected Pages: from n/a through 1.0.
CVE-2025-23876 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jens Remus WP krpano allows Stored XSS. This issue affects WP krpano: from n/a through 1.2.1.
CVE-2025-23877 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nitethemes Nite Shortcodes allows Stored XSS. This issue affects Nite Shortcodes: from n/a through 1.0.
CVE-2025-23878 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Post-to-Post Links allows Stored XSS. This issue affects Post-to-Post Links: from n/a through 4.2.
CVE-2025-23880 -- Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise allows Cross Site Request Forgery. This issue affects amr personalise: from n/a through 2.10.
CVE-2025-23884 -- Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery. This issue affects Annie: from n/a through 2.1.1.
CVE-2025-23886 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS. This issue affects Annie: from n/a through 2.1.1.
CVE-2025-23887 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS. This issue affects Blog Summary: from n/a through 0.1.2 ß.
CVE-2025-23890 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS. This issue affects Easy Tweet Embed: from n/a through 1.7.
CVE-2025-23891 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS. This issue affects Yet Another Countdown: from n/a through 1.0.1.
CVE-2025-23892 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS. This issue affects Progress Tracker: from n/a through 0.9.3.
CVE-2025-23893 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS. This issue affects GMap Shortcode: from n/a through 2.0.
CVE-2025-23895 -- Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS. This issue affects Add RSS: from n/a through 1.5.
CVE-2025-23896 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS. This issue affects Mindmeister Shortcode: from n/a through 1.0.
CVE-2025-23897 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3.
CVE-2025-23898 -- Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows Stored XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3.
CVE-2025-23899 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BnB Select Ltd Bookalet allows Stored XSS. This issue affects Bookalet: from n/a through 1.0.3.
CVE-2025-23900 -- Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery. This issue affects Genki Announcement: from n/a through 1.4.1.
CVE-2025-23901 -- Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery. This issue affects GravatarLocalCache: from n/a through 1.1.2.
CVE-2025-23902 -- Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery. This issue affects Error Notification: from n/a through 0.2.7.
CVE-2025-23907 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2.
CVE-2025-23908 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Pastebin allows Stored XSS. This issue affects Pastebin: from n/a through 1.5.
CVE-2025-23909 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Compare Ninja allows Stored XSS. This issue affects Compare Ninja: from n/a through 2.1.0.
CVE-2025-23911 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection. This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4.
CVE-2025-23912 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through 2.3.
CVE-2025-23913 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection. This issue affects WordPress Google Map Professional: from n/a through 1
CVE-2025-23916 -- Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meetup: from n/a through 2.3.0.
CVE-2025-23917 -- Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.
CVE-2025-23919 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection. This issue affects Slides & Presentations: from n/a through 0.0.39.
CVE-2025-23922 -- Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server. This issue affects iSpring Embedder: from n/a through 1.0.
CVE-2025-23924 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jérémy Heleine WP Photo Sphere allows Stored XSS. This issue affects WP Photo Sphere: from n/a through 3.8.
CVE-2025-23925 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Peña Feedburner Optin Form allows Stored XSS. This issue affects Feedburner Optin Form: from n/a through 0.2.8.
CVE-2025-23926 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC Ajax WP Query Search Filter allows Stored XSS. This issue affects Ajax WP Query Search Filter: from n/a through 1.0.7.
CVE-2025-23927 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Massimo Serpilli Incredible Font Awesome allows Stored XSS. This issue affects Incredible Font Awesome: from n/a through 1.0.
CVE-2025-23928 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Arsovski Google Org Chart allows Stored XSS. This issue affects Google Org Chart: from n/a through 1.0.1.
CVE-2025-23929 -- Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email Capture & Lead Generation: from n/a through 1.0.2.
CVE-2025-23930 -- Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Marketing Solutions: from n/a through 1.2.
CVE-2025-23933 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS. This issue affects WpF Ultimate Carousel: from n/a through 1.0.11.
CVE-2025-23934 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS. This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24.
CVE-2025-23935 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS. This issue affects Magic Google Maps: from n/a through 1.0.4.
CVE-2025-23936 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS. This issue affects CC Circle Progress Bar: from n/a through 1.0.0.
CVE-2025-23939 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS. This issue affects Image Switcher: from n/a through 1.1.
CVE-2025-23940 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS. This issue affects Image Switcher: from n/a through 0.1.1.
CVE-2025-23941 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS. This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1.
CVE-2025-23943 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arul PDF.js Shortcode allows Stored XSS. This issue affects PDF.js Shortcode: from n/a through 1.0.
CVE-2025-23946 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS. This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1.
CVE-2025-23947 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M.J WP-Player allows Stored XSS. This issue affects WP-Player: from n/a through 2.6.1.
CVE-2025-23950 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Said Shiripour EZPlayer allows Stored XSS. This issue affects EZPlayer: from n/a through 1.0.10.
CVE-2025-23951 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS. This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through 1.4.
CVE-2025-23954 -- Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.
CVE-2025-23955 -- Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xola: from n/a through 1.6.
CVE-2025-23957 -- Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sur.ly: from n/a through 3.0.3.
CVE-2025-23961 -- Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Graphs & Charts: from n/a through 2.0.8.
CVE-2025-23962 -- Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Goldstar: from n/a through 2.1.1.
CVE-2025-23963 -- Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark Posts: from n/a through 2.2.3.
CVE-2025-23965 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS. This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2.