
Volerion

Be the first to know! We monitor new CVEs and determine, based on our next-gen algorithms and models, when a CVE is a high risk.

Featured Post

[CVE-2025-66570] cpp-httplib Untrusted HTTP Header Handling Vulnerability Allowing Header Injection and Authorization Bypass

cpp-httplib Untrusted HTTP Header Handling Vulnerability Allowing Header Injection and Authorization Bypass
Volerion Risk Score: 7.3
Why this matters: cpp-httplib versions ≤ 0.26.0 allow attackers to spoof critical metadata headers like REMOTE_ADDR and LOCAL_PORT. Downstream components that rely on these headers for logging, auditing, or IP-based access controls may trust attacker-supplied values, enabling IP spoofing, log poisoning, and unauthorized access to protected resources.
Recommended...

cpp-httplib Untrusted Header Handling Vulnerability Leading to Log Poisoning
Volerion Risk Score: 7.3
Why this matters: cpp-httplib versions 0.26.0 and earlier trust attacker-supplied X-Forwarded-For and X-Real-IP headers without validation. An unauthenticated remote attacker can spoof client IP information, leading to log poisoning that undermines the integrity of audit trails and monitoring.
Recommended actions: Upgrade to cpp-httplib 0.27.0 or later, which disables acceptance of untrusted...

LearnPress WordPress LMS Plugin Sensitive Information Disclosure Vulnerability
Volerion Risk Score: 7.4
Why this matters: The LearnPress WordPress LMS plugin (versions ≤ 4.2.9.4) fails to enforce capability checks on the /wp-json/lp/v1/load_content_via_ajax REST endpoint. Unauthenticated attackers can invoke admin-only template callbacks and retrieve sensitive educational content, such as course curricula, quiz questions with correct answers, and other protected materials, directly via the...

ThinkPHP Remote Code Execution Vulnerability in Template File Inclusion
Volerion Risk Score: 7.9
Why this matters: The template file inclusion mechanism in ThinkPHP 5.0.24 can be abused to load attacker-controlled files containing PHP code. Successful exploitation leads to unauthenticated remote code execution on the web server, granting full control over the application and underlying host.
Recommended actions: Update ThinkPHP to a version that addresses this vulnerability. Implement strict...

ThinkPHP Arbitrary File Read Vulnerability
Volerion Risk Score: 7.8
Why this matters: In ThinkPHP 5.0.24, the fetch() function in Template.php improperly processes template paths. A remote attacker can supply directory-traversal sequences (e.g. ../../../../password.txt) that are passed to file_get_contents(), allowing unauthorized reading of sensitive server files such as configuration or credential stores.
Recommended actions: Upgrade to a non-vulnerable release of ThinkPHP. Implement strict...

Parse Server Allowing Public Explain Queries Vulnerability
Volerion Risk Score: 7.4
Why this matters: In Parse Server versions prior to 8.5.0-alpha.5, any client, without possessing the master key, can run MongoDB explain queries. This exposes detailed information about database schema, indexes, and query performance, giving attackers valuable reconnaissance data that can aid in further exploitation or lateral movement.
Recommended actions: Upgrade Parse Server to 8.5.0-alpha.5 or later where the...

The Events Calendar WordPress Plugin Blind SQL Injection Vulnerability
Volerion Risk Score: 7.1
Why this matters: Versions 6.15.1.1–6.15.9 of The Events Calendar plugin for WordPress fail to properly escape user-supplied input in the s parameter. An unauthenticated attacker can leverage this flaw to perform blind SQL injection and extract sensitive data from the WordPress database.
Recommended actions: Update The Events Calendar plugin to version 6.15.10 or any newer patched release.
Affected...

lighttpd Trailer Field Merging Vulnerability Leading to HTTP Header Smuggling
Volerion Risk Score: 7.9
Why this matters: In lighttpd 1.4.80, disallowed HTTP trailer fields such as Connection or Forwarded are improperly merged into the header section. An unauthenticated remote attacker can exploit this flaw to perform HTTP Header / Request Smuggling, potentially bypassing access-control rules or injecting malicious data into backend services.
Recommended actions: Upgrade to lighttpd 1.4.81 or...

Wazuh Buffer Over-Read Vulnerability in Expression Matching Component
Volerion Risk Score: 7.6
Why this matters: A buffer over-read in Wazuh (versions ≤ 4.11.2) occurs within the w_expression_match() function when the str_test parameter is allocated without proper NULL termination. A compromised agent can send a crafted message to the manager, causing reads past the buffer boundary and potentially exposing sensitive data from heap memory.
Recommendation: Upgrade Wazuh deployments to version...

LearnPress WordPress LMS Plugin Data Modification Vulnerability via Unauthenticated REST API Access
Volerion Risk Score: 7.5
Why this matters: The LearnPress LMS plugin registers administrative REST endpoints without proper capability checks. Unauthenticated attackers can call /wp-json/lp/v1/admin/tools/create-indexs and modify database indexes on any table, including critical WordPress core tables. Successful exploitation risks data integrity and can severely degrade site performance....