48 matches found
EUVD-2022-55999
backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...
CVE-2026-32396
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13...
EUVD-2026-11911
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13...
CVE-2026-32396 WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13...
Unity Linux 20.1070e Security Update: python-django (UTSA-2026-005917)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005917 advisory. An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are...
EUVD-2020-7268
Malware in sbrugna...
EUVD-2022-43138
Malicious code in bioql PyPI...
EUVD-2023-0618
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-11683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service slab-out-of-bounds memo...
CVE-2013-5966
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
aldryn-django (>=5.0.10.0 <=5.0.11.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2025-27556 via django (>=5.0.0 <=5.0.13)
django PYPI version =5.0.0, =5.0.10.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2025-27556 Source advisory: SNYK:PYTHON-DJANGO-9634162...
PYSEC-2025-13
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...
CVE-2020-15259
ad-ldap-connector's admin panel before version 5.0.13 does not provide CSRF protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing a CSRF payload on the same machine that has access to th...
WordPress Download Monitor Plugin <= 5.0.13 is vulnerable to Broken Access Control
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 5.0.13; Fixed in: 5.0.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10399; Patch priority: Low; CVSS severity: Low (4.3); Developer: WPChill; PSID: 4c314a68f652; Credits: Trương Hữu Phúc truonghuuphuc...
CVE-2024-8943
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...
MongoDB Server Library Local Privilege Escalation Vulnerability (SERVER-69507) - Linux
MongoDB is prone to a local privilege escalation vulnerability. CPE = "cpe:/a:mongodb:mongodb";...
CVE-2024-31207 Vite's `server.fs.deny` did not deny requests for patterns with directories
Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tool to improve the frontend development experience. `server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...
PT-2023-23713 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 4.13.4; Silverstripe Framework versions prior to 5.0.13. Description: The issue arises when a new member record is created without setting a password, resulting in an empty encrypted password. If an...
Security Bulletin: Daeja ViewONE may be affected by Bouncy Castle Vulnerability (CVE-2023-33201)
Summary: ViewONE has a bundled version of Bouncy Castle containing a known security issue. Vulnerability Details: CVEID: CVE-2023-33201. DESCRIPTION: The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 nam...