EUVD-2025-28120

Malicious code in bioql PyPI...

EUVD-2025-28144

Malicious code in bioql PyPI...

CVE-2025-48148

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through = 14.4.4...

CVE-2025-48148

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through = 14.4.4...

CVE-2025-48148 WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through = 14.4.4...

CVE-2025-48148

CVE-2025-48148 affects StoreKeeper for WooCommerce (WordPress plugin) up to version 14.4.4. Vulnerability: unrestricted upload of dangerous file types due to missing validation, enabling unauthenticated arbitrary file uploads (including PHP web shells) and potential remote code execution. Public ...

PT-2025-33911 · Woocommerce · Storekeeper For Woocommerce

Name of the Vulnerable Software and Affected Versions: StoreKeeper for WooCommerce versions through 14.4.4 Description: StoreKeeper for WooCommerce is susceptible to unrestricted file upload of dangerous file types, allowing the use of malicious files. Recommendations: Update StoreKeeper for...

CVE-2025-47687 WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4...

CVE-2021-39931

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches du...

BIT-GITLAB-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

GitLab 13.2 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39940)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitL...

GitLab 14.1.0 < 14.3.6 / 14.4.0 < 14.4.4 / 14.5.0 < 14.5.2 (CVE-2021-39943)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting...

XWiki 6.0-rc-1 < 13.10.10, 14.0-rc-1 < 14.4.4, 14.5 < 14.8 Open Redirect Vulnerability (GHSA-xwph-x6xj-wggv)

Xwiki is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

CVE-2023-29204

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

CVE-2023-29204 URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

XWiki 3.2-m3 < 13.10.9, 14.x < 14.4.4, 14.5.x < 14.7 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (GHSA-5cf8-vrr8-8hjm)

Xwiki is prone to an exposure of sensitive information to an unauthorized actor vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

XWiki 3.1-milestone-1 < 13.10.9, 14.x < 14.4.4, 14.5.x < 14.7 Privilege Escalation Vulnerability (GHSA-8cw6-4r32-6r3h)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

GHSA-8CW6-4R32-6R3H XWiki Platform may allow privilege escalation to programming rights via user's first name

Impact Any user can edit his own profile and inject code which is going to be executed with programming right. Steps to reproduce: Set your first name to cache id="userProfile"groovyprintln"Hello from groovy!"/groovy/cache The first name appears as interpreted "Hello from groovy" instead of the...

CVE-2023-26055

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places...

Code injection

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places...