For individuals

Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the...

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download...

Locally installed application can bypass the permission check and perform system operations that require permission.

Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.

The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This...

The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a...

The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for...

The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the...

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in...