2026-05-07 Daily Vulns
NEW:

| CVE | Vendor - Product | Description | Metric | Reference URL | SSVC | Title | GitHub URL |
|---|---|---|---|---|---|---|---|
| CVE-2017-2404 | n/a - n/a | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the “Quick Look” component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. | CNA n/a CVSS3.1: 3.3 - LOW | 0 1 2 3 | Exploitation: none; Automatable: no; Technical Impact: partial | n/a | github |
| CVE-2023-54346 | Backupbliss - WordPress Plugin Backup Migration | WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps. | CVSS4.0: 8.7 - HIGH; CVSS3.1: 7.5 - HIGH | 0 1 2 3 | Exploitation: poc; Automatable: yes; Technical Impact: partial | WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download | github |
| CVE-2025-59854 | HCL - DFXAnalytics | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP). | CVSS3.1: 3.1 - LOW | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability | github |

This post is licensed under CC BY 4.0 by the author.