21 matches found
EUVD-2025-28822
Malicious code in bioql PyPI...
CVE-2025-9296
A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=updateavatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
Emlog Pro Security Vulnerability
Emlog Pro is a blogging system from Emlog open source. A security vulnerability exists in Emlog Pro 2.5.18 and earlier versions, which stems from an incorrect manipulation of the parameter image leading to unlimited uploads...
CVE-2025-9173
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in...
PT-2025-34036 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18. Description: A weakness has been identified that allows for unrestricted file upload. This issue affects the processing of the file /admin/media.php?action=upload&sid=0. Manipulation of the File argument can...
CVE-2024-49628
Cross-Site Request Forgery (CSRF) vulnerability in whiletrue Most And Least Read Posts Widget (most-and-least-read-posts-widget) allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.18...
CVE-2024-49628
CVE-2024-49628 is a CSRF vulnerability in the WordPress plugin Most And Least Read Posts Widget (WhileTrue) affecting versions 2.5.18 and earlier. Unauthenticated attackers could exploit CSRF to perform unintended actions. The issue is fixed in version 2.5.19; update the plugin to 2.5.19 or later...
WordPress plugin Most And Least Read Posts Widget Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Most And Least...
WordPress Most And Least Read Posts Widget Plugin <= 2.5.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Most And Least Read Posts Widget; Type: Plugin; Vulnerable versions: <= 2.5.18; Fixed in: 2.5.19; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-49628; Patch priority: Low; CVSS severity: Low (4.3); PSID: f9657dfe35e8; Credits: SOPROB...
WordPress Search Filter Pro plugin < 2.5.18 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Felipe Caon in WordPress Plugin Search Filter Pro versions 2.5.18...
WordPress Search Filter Pro Plugin < 2.5.18 is vulnerable to Cross Site Scripting (XSS)
Software: Search Filter Pro; Type: Plugin; Vulnerable versions: < 2.5.18; Fixed in: 2.5.18; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6481; Patch priority: Low; CVSS severity: Low (5.9); PSID: 0f5364627440; Credits: Felipe Caon; Required...
PT-2024-37657 · WordPress · Search & Filter Pro
Name of the Vulnerable Software and Affected Versions: Search & Filter Pro WordPress plugin versions prior to 2.5.18. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
CVE-2006-5969
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308...
WordPress Google Doc Embedder 2.5.18 Cross Site Scripting
Title: WordPress 'Google Doc Embedder' plugin - XSS; Version: 2.5.18; Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej; Date: 2015/01/26; Download: https://wordpress.org/plugins/google-document-embedder/; Contacted WordPress: 2015/01/26...
CVE-2006-5969
CVE-2006-5969 affects fvwm up to 2.5.18 (and earlier variants) with a CRLF injection in the evalFolderLine path used by fvwm-menu-directory. The issue allows local attackers to run arbitrary commands by crafting directory names that trigger the shell, as described for a variant of CVE-2003-1308. ...