Skip to main content
CVE-2025-67626 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22359 MEDIUM This Month

AA-Team Wordpress Movies Bulk Importer movies importer is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22458 MEDIUM This Month

Mikado-Themes Wanderland version 1.5 and earlier contains an authorization bypass that allows unauthenticated remote attackers to access restricted functionality due to improperly configured access controls. The vulnerability enables information disclosure with no patch currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-63051 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. [CVSS 4.3 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24332 MEDIUM This Month

Discord's WebSocket API inadvertently discloses whether users have set their status to Invisible rather than offline by including them in the presences array, contradicting the privacy expectation that Invisible users appear completely offline. An authenticated attacker can exploit this information disclosure to determine the true online status of Discord users. No patch is currently available as of January 2026.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20888 MEDIUM PATCH This Month

Gitea fails to enforce proper authorization checks when users attempt to cancel scheduled auto-merges through the web interface, allowing any user with pull request read access to cancel merge operations initiated by other users. This authorization bypass could disrupt automated workflows and merge processes across repositories. A patch is available to address this vulnerability.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24387 MEDIUM This Month

Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-32056 MEDIUM This Month

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy