60 matches found
EUVD-2026-11863
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19...
CVE-2026-32368
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19...
PT-2026-25215
🟠 CVE-2026-32368 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to L... https://t.co/AXMBUTPmnj https://t.co/FboOVVJUyL...
CVE-2025-69277 affecting package libsodium for versions less than 1.0.19-2
CVE-2025-69277 affecting package libsodium for versions less than 1.0.19-2. A patched version of the package is available...
CVE-2025-15444 affecting package libsodium for versions less than 1.0.19-2
CVE-2025-15444 affecting package libsodium for versions less than 1.0.19-2. A patched version of the package is available...
AZL-73751 CVE-2025-15444 affecting package libsodium for versions less than 1.0.19-2
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium. libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277. The libsodium...
Incomplete Comparison with Missing Factors
Overview: Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the crypto_core_ed25519_is_valid_point function when handling certain custom cryptography or untrusted data. An attacker can bypass intended cryptographic group membership checks by supplying...
AZL-73341 CVE-2025-69277 affecting package libsodium for versions less than 1.0.19-2
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
EUVD-2023-55072
Malicious code in bioql PyPI...
CVE-2025-7045
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
CVE-2025-7040 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action
The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters fo...
CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
WordPress Cloud SAML SSO plugin <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability
Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability discovered by kr0d in WordPress Plugin Cloud SAML SSO - Single Sign On Login versions <= 1.0.19...
PT-2025-36356
Name of the Vulnerable Software and Affected Versions: Cloud SAML SSO plugin for WordPress versions up to and including 1.0.19 Description: The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set organization settings...
PT-2025-36357
Name of the Vulnerable Software and Affected Versions: Cloud SAML SSO plugin for WordPress versions up to and including 1.0.19 Description: The Cloud SAML SSO plugin for WordPress is susceptible to Identity Provider Deletion. A missing capability check on the delete config action within the csso...
Malicious code in monolith-twirp-odometer-core (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 559151bc8f149e686c1483fbc9ed476a900c5109a87ed60f413125cf9d178db7 The OpenSSF Package Analysis project identified 'monolith-twirp-odometer-core' @ 1.0.19 rubygems as malicious. It is considered malicious becaus...
MAL-2025-46934 Malicious code in monolith-twirp-odometer-core (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 559151bc8f149e686c1483fbc9ed476a900c5109a87ed60f413125cf9d178db7 The OpenSSF Package Analysis project identified 'monolith-twirp-odometer-core' @ 1.0.19 rubygems as malicious. It is considered malicious becaus...
WordPress plugin Fleetwire Fleet Management cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...