Tagged: Cybersecurity Alert

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were...

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. More information : https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to...

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12. More information : https://support.upkeeper.se/hc/en-us/articles/23693858370076-CVE-2025-11446-Insertion-of-Sensitive-Information-into-Log-File

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization...

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions...

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin’s use of extract() on attacker-controlled shortcode attributes within...

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks...

Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-03

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to...

Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wfop_phone` shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient...

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wppb-embed shortcode in all versions up to,...

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted...