29 matches found
EUVD-2025-9790
Malicious code in bioql PyPI...
EUVD-2024-19363
Malicious code in bioql PyPI...
EUVD-2025-9794
Malicious code in bioql PyPI...
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclosure
Description: The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
CVE-2025-32257
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through <= 2.6.1...
CVE-2025-32257
CVE-2025-32257 affects the WordPress plugin 1 Click WordPress Migration (1-click-migration). The connected documents describe an information-disclosure vulnerability caused by uncleared debug information, allowing retrieval of embedded sensitive data. Exploitation is unauthenticated and requires ...
WordPress 1 Click WordPress Migration plugin <= 2.3.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abdi Pranata in WordPress Plugin 1 Click WordPress Migration versions <= 2.3.7...
CVE-2024-50478 WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication: 1.4.5...
WordPress 1-Click Login: Passwordless Authentication Plugin 1.4.5 is vulnerable to Broken Authentication
Software: 1-Click Login: Passwordless Authentication; Type: Plugin; Vulnerable versions: 1.4.5; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Broken Authentication; CVE: CVE-2024-50478; Patch priority: High; CVSS severity: High (9.8); PSID: 2b1c10f4ccc7; Credits...
CVE-2024-28828
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 EOL could lead to 1-click compromise of the site...
CVE-2024-28828
CVE-2024-28828 applies to Checkmk: CSRF vulnerability could allow 1-click site compromise in affected builds before 2.3.0p8, before 2.2.0p29, before 2.1.0p45, and
FreeBSD : Gitlab -- Vulnerabilities (f848ef90-1848-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f848ef90-1848-11ef-9850-001b217b3468 advisory. Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS...
Cross-Site Scripting (XSS)
github.com/alexxit/go2rtc is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the links.html page appending the src GET parameter to all of its links for 1-click previews, where the context of appending is innerHTML, leading to the insertion of the text as HTML which results in X...
CVE-2024-21749
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all. This issue affects 1 click disable all: from n/a through 1.0.1...
CVE-2024-21749
CVE-2024-21749 affects the WordPress plugin “1 click disable all” (Atakan Au) with vulnerable versions
WordPress 1 Click Close Store Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: 1 Click Close Store; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 5d6ea0096ad8; Credits: Rafie Muhammad Patchstack...
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. The goal is to deliver malware that can steal credentials from the Chrome, Firefox and Edge browsers. The attacks by the Russia-linked APT ar...
GitHub Desktop (MacOS) Code Execution Vulnerability
GitHub Desktop is an application that allows users to interact with GitHub using a GUI rather than a command line or web browser. The GitHub Desktop macOS code execution vulnerability allows attackers to use URLs such as smb or openlocalrepo to implement a 1-click RCE attack, which results in code...
CVE-2021-27930
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allow an authenticated or compromised user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers 1-click RCE...