Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin
On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to execute code on the server. T...
CVE-2022-0966
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10...
CVE-2025-66070
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through <= 2.4.10...
CVE-2025-66070 WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through <= 2.4.10...
EUVD-2025-204051
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through <= 2.4.10...
CVE-2025-66070 WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through <= 2.4.10...
PT-2025-52194
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through <= 2.4.10...
WordPress plugin wpForo Forum security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress wpForo Forum plugin <= 2.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by YCInfosec in WordPress Plugin wpForo Forum versions <= 2.4.9...
EUVD-2021-1335
Malware in sbrugna...
EUVD-2025-18829
Malicious code in bioql PyPI...
EUVD-2024-3055
Malicious code in bioql PyPI...
EUVD-2022-1421
Malicious code in bioql PyPI...
Sangfor aTrust security vulnerability
Sangfor aTrust is a zero-trust access control system from China-based Sangfor. A security vulnerability exists in Sangfor aTrust version 2.4.10 and earlier, which originates from allowing a user to modify the ExecStartPre command...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: nautobot is a source of truth and network automation platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to the misconfiguration of the Jinja2 templating feature. An attacker can expose secret values and...
CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
Nautobot security vulnerability
Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 2.4.10 and prior to 1.6.32, which stems from a misconfigured Jinja2 template that could lead to data leakage or tampering...
Nautobot information disclosure vulnerability
Nautobot is a web automation platform by the individual developer of Nautobot. An information disclosure vulnerability exists in Nautobot versions prior to v2.4.10 and v1.6.32, which stems from not enforcing user authentication and could lead to the retrieval of files by an anonymous user...
CVE-2021-24660
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode...
CVE-2021-32823
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...