50 matches found
CVE-2026-7051
The CVE-2026-7051 entry concerns the Blog2Social WordPress plugin (versions up to 8.9.0) with a Missing Authorization issue. The root cause is missing blog_user_id constraints in B2S_Post_Tools::deleteUserPublishPost() and deleteUserSchedPost(), allowing an authenticated subscriber+ to delete oth...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records vulnerability
Missing Authorization to Authenticated Subscriber+ Delete Arbitrary B2S Post Records vulnerability discovered by awhacken in WordPress Plugin Blog2Social versions = 8.9.0...
Injection in Confluence Data Center
This High severity Injection vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
@voiceflow/alexa-types (>=2.0.0 <=2.16.3), @voiceflow/api-sdk (>=3.0.0 <=3.29.3) +11 more potentially affected by unknown CVE via @voiceflow/common (>=8.10.0 <=8.9.0)
@voiceflow/common NPM version =8.10.0, =2.0.0, =3.0.0, =2.50.1, =2.0.0, =3.0.0, =2.0.0, =2.0.0, =1.0.3, =1.3.3, =1.0.0, =2.0.0, =3.2.20, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191340...
CVE-2025-64493
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...
CVE-2025-64493
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...
CVE-2025-64493
In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...
EUVD-2025-38346
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...
CVE-2025-64492
SuiteCRM 8.9.0 and earlier are affected by a time-based blind SQL injection that requires authentication. The vulnerability lets an attacker infer data from the database by measuring response times, enabling enumeration of database, table, and column names and potentially extracting sensitive dat...
CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...
EUVD-2025-26188
Malicious code in bioql PyPI...
EUVD-2022-49556
Malicious code in bioql PyPI...
CVE-2025-40704
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40703
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40708
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40703
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40704
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-40703
Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
PT-2025-35206
Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0 Description: An issue exists in OpenAtlas that may allow a remote user to send specially crafted queries to an authenticated user and potentially steal their session cookie details. This is due to inadequate validation...
PT-2025-35208
Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0 Description: A Cross-Site Scripting XSS issue exists due to inadequate validation of user input when a POST request is sent. This could allow a remote user to send specially crafted queries to an authenticated user and...