Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.

CVE Database V5

Detailed information about CVE-2025-51529: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51529: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51529: n/a

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application.

Detailed information about CVE-2025-50579: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50579: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50579: n/a

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files
config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.

Detailed information about CVE-2025-55740: CWE-1392: Use of Default Credentials in Anipaleja nginx-defender affecting Anipaleja nginx-defender. Get real-time up

CVE-2025-55740: CWE-1392: Use of Default Credentials in Anipaleja nginx-defender - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-55740: CWE-1392: Use of Default Credentials in Anipaleja nginx-defender

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.

Detailed information about CVE-2025-51543: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51543: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51543: n/a

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function.

Detailed information about CVE-2025-50926: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-50926: n/a

CVE-2025-50926: n/a

Description

Technical Details

Related Threats

CVE-2025-51529: n/a

CVE-2025-50579: n/a

CVE-2025-55740: CWE-1392: Use of Default Credentials in Anipaleja nginx-defender

CVE-2025-51543: n/a

CVE-2025-9156: SQL Injection in itsourcecode Sports Management System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility