87 matches found
EUVD-2006-4486
Malware in sbrugna...
EUVD-2024-31336
Malicious code in bioql PyPI...
EUVD-2025-23463
Malicious code in bioql PyPI...
EUVD-2024-31339
Malicious code in bioql PyPI...
CVE-2025-52132
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page...
PT-2025-31764 · Unknown · Mocca Calendar
Name of the Vulnerable Software and Affected Versions: Mocca Calendar versions prior to 2.15. Description: The Mocca Calendar application allows for cross-site scripting (XSS) via the background or text color field. Recommendations: Update Mocca Calendar to version 2.15 or later...
XWiki Contrib Mocca Calendar Application Cross-Site Scripting Vulnerability
XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the calendar import header...
CVE-2025-52132
CVE-2025-52132 affects the Mocca Calendar application for XWiki (pre-2.15). The vulnerability is an XSS flaw triggered by the title on the View Event page. Affected versions are Mocca Calendar prior to 2.15. The root cause is improper sanitization/encoding of the title parameter on the event v...
PT-2025-31766 · Unknown · Mocca Calendar
Name of the Vulnerable Software and Affected Versions: Mocca Calendar versions prior to 2.15. Description: The Mocca Calendar application is susceptible to a cross-site scripting (XSS) issue. This occurs through a specially crafted title during calendar import. Recommendations: Update Mocca Calendar...
CVE-2025-52133
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import...
Off 2.15 Unauthenticated Remote System Control
Off version 2.15 exposes a TCP service on port 1984 that allows unauthenticated attackers to issue remote system control commands such as Shutdown, Restart, Lock, Sleep, and Hibernate. Exploit Title: Off 2.15 - Unauthenticated Remote System Control Date: 25/06/25 Exploit Author: Chokri Hammedi...
MENNEKES Charging column Smart Security Vulnerability
MENNEKES Charging column Smart is a smart charging column from MENNEKES. A security vulnerability exists in MENNEKES Charging column Smart versions prior to 2.15, which originates from the ability to read arbitrary files...
CVE-2024-9989
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated...
CVE-2024-9988
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9988
CVE-2024-9988 (WordPress Crypto plugin) enables authentication bypass via crypto_connect_ajax_process::register, allowing unauthenticated login as existing users (e.g., admin). Publicly documented by Wordfence/Red Hat; patched in a later release (2.19) after disclosure; updates to 2.19+ are recom...
PT-2024-39986
Name of the Vulnerable Software and Affected Versions: Crypto plugin for WordPress versions up to, and including, 2.15. Description: The issue is related to authentication bypass. This is due to a limited arbitrary method call to crypto_connect_ajax_process::log_in function in the crypto connect aja...
PT-2024-39268 · WordPress · Bulk Noindex & Nofollow Toolkit
Name of the Vulnerable Software and Affected Versions: The Bulk NoIndex & NoFollow Toolkit plugin for WordPress versions up to, and including, 2.15. Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL. This...
OPENSUSE-SU-2024:13653-1 cpio-2.15-1.1 on GA media
These are all security issues fixed in the cpio-2.15-1.1 package on the GA media of openSUSE Tumbleweed...
RHEL 8 : glibc (RHSA-2024:2799)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2799 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...
CVE-2024-33599
nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...