EUVD-2025-11296

Malicious code in bioql PyPI...

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions = 4.0.24...

CVE-2025-39584

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through = 4.0.25...

CVE-2025-39584

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25...

CVE-2025-39584

CVE-2025-39584 corresponds to a WordPress Eventin vulnerability: an Authenticated Local File Inclusion via an improper filename control in the PHP include/require flow. Affected software is Eventin versions up to and including 4.0.25. The root cause is described as improper control of the filenam...

PT-2025-16610 · Eventin · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.25 Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as PHP Remote File Inclusion, which allows PHP Local File Inclusion. Recommendation...

CVE-2024-24703

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25...

WordPress plugin WC Marketplace security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

SUSE CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

CVE-2020-0566

Improper Access Control in subsystem for IntelR TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

DEBIAN-CVE-2017-5943

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery CSRF verification tokens via a crafted URL...

CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

MySQL安全调用特权提升漏洞

MySQL是一款开放源代码的数据库程序。 MySQL在部分函数过程中不正确恢复访问特权，远程攻击者可以利用漏洞提升权限，进行其他攻击。 目前没有详细漏洞细节提供。 MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.9 MySQL AB MySQL 5.1...