Cross-Site Request Forgery (CSRF) in Virgial Berveling’s Manage Notification E-mails plugin <= 1.8.2 on WordPress. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a…

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in…

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.…

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims’s username and hashed password to spoof the victim’s id against…

Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of…

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has…

An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. Zafiyet ile ilgili Genel Bilgi,…

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to…

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged…