Tagged: Cybersecurity Alert

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing...

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or...

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output...

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read,...

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized...

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only...

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML...

WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply...

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. More information : https://www.ibm.com/support/pages/node/7246267

Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures....

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified....

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be...

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated...