Lucene search

118 matches found

RedhatCVE
added 2026/01/06 2:5 p.m. · 2 views

CVE-2023-51513

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS. This issue affects Geo Controller: from n/a through 8.5.2...

6.5 CVSS · 6.4 AI score · 0.00077 EPSS
Exploits 0 · References 1
Cvelist
added 2026/01/05 1:30 p.m. · 21 views

CVE-2023-51513 WordPress Geo Controller plugin <= 8.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS. This issue affects Geo Controller: from n/a through 8.5.2...

6.5 CVSS · 0.00077 EPSS
Exploits 0 · References 1
CNNVD
added 2025/12/30 12:0 a.m. · 2 views

TrueConf Client Security Vulnerability

TrueConf Client is a video conferencing and collaboration software client from TrueConf Lithuania. A security vulnerability exists in TrueConf Client version 8.5.2, which stems from vulnerability to DLL hijacking attacks via a specially crafted wfapi.dll, which could lead to the execution of...

7.1 CVSS · 6 AI score · 0.00013 EPSS
Exploits 1 · References 3
CVE
added 2025/12/30 12:0 a.m. · 11 views

CVE-2025-66835

CVE-2025-66835 affects TrueConf Client 8.5.2. The vulnerability is a DLL hijacking issue triggered by a crafted wfapi.dll, enabling a local attacker to execute arbitrary code within the user’s context. Impact is confined to the user’s privileges/context as described; no in-wild exploitation detai...

7.1 CVSS · 7.3 AI score · 0.00013 EPSS
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2025/11/20 9:36 p.m. · 1 views

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

9.8 CVSS · 7.1 AI score · 0.83986 EPSS
Exploits 3 · References 1
OpenVAS
added 2025/11/20 12:0 a.m. · 3 views

Twonky Server <= 8.5.2 Multiple Vulnerabilities - Version Check

Twonky Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:lynxtechnology:twonkyserver";...

9.8 CVSS · 7.7 AI score · 0.83986 EPSS
Exploits 3 · References 1
OpenVAS
added 2025/11/20 12:0 a.m. · 3 views

Twonky Server <= 8.5.2 Authentication Bypass Vulnerability - Active Check

Twonky Server is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

9.8 CVSS · 7.1 AI score · 0.83986 EPSS
Exploits 3 · References 1
CVE
added 2025/11/19 5:53 p.m. · 24 views

CVE-2025-13316

Twonky Server 8.5.2 on Linux and Windows is affected by CVE-2025-13316, a cryptographic flaw caused by hard-coded keys. An attacker who obtains the encrypted administrator password can decrypt it with the static keys to obtain the plaintext password and gain administrator-level access to Twonky S...

8.2 CVSS · 6.7 AI score · 0.70128 EPSS
Exploits 2 · References 1 · Affected Software 1
CVE
added 2025/11/19 5:45 a.m. · 11 views

CVE-2025-12174

CVE-2025-12174 (Directorist WordPress plugin): A missing capability check on directorist_prepare_listings_export_file and directorist_type_slug_change AJAX actions in all versions up to 8.5.2 allows authenticated users with Subscriber+ permissions to export listings and update slugs. This is a d...

6.5 CVSS · 4.8 AI score · 0.00043 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-12391

Malware in sbrugna...

7.5 CVSS · 8.6 AI score · 0.01871 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-10950

Malware in sbrugna...

6.5 CVSS · 6.5 AI score · 0.00325 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2022-39892

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00852 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/23 5:24 a.m. · 1 views

CVE-2023-52120

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2...

8.8 CVSS · 8.5 AI score · 0.00043 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:43 p.m. · 5 views

CVE-2022-28975

A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field...

5.4 CVSS · 5.6 AI score · 0.00178 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 11:12 a.m. · 12 views

CVE-2013-4600

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html...

4.3 CVSS · 5.9 AI score · 0.00256 EPSS
Exploits 3 · References 1
Patchstack
added 2024/04/05 8:2 a.m. · 4 views

WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin WooCommerce (versions <= 8.5.2)...

4.3 CVSS · 7 AI score · 0.00227 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2024/01/09 12:0 a.m. · 2 views

Infoblox NIOS Cross-Site Scripting Vulnerability

Infoblox NIOS is an operating system that powers Infoblox core network services. It ensures uninterrupted operation of the network infrastructure. A cross-site scripting vulnerability exists in Infoblox NIOS version v8.5.2-409296, which originates from a vulnerability that allows an attacker to...

5.4 CVSS · 5.9 AI score · 0.00178 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/01/09 12:0 a.m. · 3 views

PT-2024-11547

Name of the Vulnerable Software and Affected Versions: Infoblox NIOS version 8.5.2-409296. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. This enables attackers to potentiall...

5.4 CVSS · 6.2 AI score · 0.00178 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/01/05 12:0 a.m. · 1 views

PT-2024-14417 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more versions n/a through 8.5.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into...

8.8 CVSS · 8.8 AI score · 0.00043 EPSS
Exploits 0 · References 4
Patchstack
added 2023/12/28 12:0 a.m. · 9 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: NEX-Forms – Ultimate Form Builder; Type: Plugin; Vulnerable versions: <= 8.5.2; Fixed in: 8.5.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-52120; Patch priority: Low; CVSS severity: Low (5.4); PSID: 6c987b0249e3; Credits...

8.8 CVSS · 6.6 AI score · 0.00043 EPSS
Exploits 0 · References 2 · Affected Software 1