74 matches found
defu security vulnerability
Defu is a lightweight tool library developed by UnJS for recursively merging default values. Versions of Defu prior to 6.1.5 contained security vulnerabilities; these vulnerabilities stemmed from the practice of passing uncleaned user input into the Defu functions, which could lead to prototype...
EUVD-2020-0116
Malware in sbrugna...
EUVD-2023-56250
Malicious code in bioql PyPI...
EUVD-2023-56249
Malicious code in bioql PyPI...
EUVD-2023-57668
Malicious code in bioql PyPI...
JS Archive List 6.1.5 SQL Injection
JS Archive List versions 6.1.5 and below suffer from a remote SQL injection vulnerability. CVE-2025-54726 JS Archive List <= 6.1.5 - Unauthenticated SQL Injection. Description: The JS Archive List plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.1.5 due to...
CVE-2025-7670
The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-7670
CVE-2025-7670 – JS Archive List (WordPress) is a time-based SQL injection in the build_sql_where() path of all versions up to 6.1.5, due to insufficient escaping and query prep. This allows unauthenticated attackers to append SQL to existing queries and potentially leak sensitive data. Mitigation...
CVE-2025-7670 JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function
The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2025-33712 · WordPress · Js Archive List
Name of the Vulnerable Software and Affected Versions: JS Archive List plugin for WordPress versions up to and including 6.1.5. Description: The JS Archive List plugin for WordPress is susceptible to time-based SQL Injection through the build_sql_where function. This is due to insufficient escapin...
CVE-2025-34062
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
PT-2025-27583 · One Identity · One Identity Onelogin Active Directory Connector
Name of the Vulnerable Software and Affected Versions: One Identity OneLogin Active Directory Connector versions prior to 6.1.5 Description: The issue concerns the mishandling of DirectoryToken encryption, also known as ST-812. This problem occurred due to an error in the encryption process...
CVE-2024-0365
The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators...
CVE-2023-51538
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5...
CVE-2023-51537
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.5...
CVE-2021-37704
PhpFastCache is a high-performance backend cache system packagist package phpfastcache/phpfastcache. In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...
CVE-2005-2155
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter...
be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.107.0) +103 more potentially affected by CVE-2025-27533 via org.apache.activemq:activemq-client (>=6.0.0 <=6.1.5)
org.apache.activemq:activemq-client MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2025-27533 Source advisory: OSV:GHSA-WHXR-3P84-RF3C...
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of...
CVE-2025-24859
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...