CVE-2026-30760

An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...

WordPress WP-CRM System plugin unauthorized access vulnerability

The WordPress WP-CRM System plugin is a Customer Relationship Management CRM tool designed for WordPress websites that allows users to manage customer data, tasks and projects directly from the WordPress backend. WordPress WP-CRM System plugin suffers from an unauthorized access vulnerability tha...

CVE-2025-11887 Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

EUVD-2019-6758

Malware in sbrugna...

EUVD-2021-11600

Malware in sbrugna...

EUVD-2011-1411

Malware in sbrugna...

EUVD-2020-24108

Malware in sbrugna...

EUVD-2025-14013

Malicious code in bioql PyPI...

EUVD-2023-57823

Malicious code in bioql PyPI...

EUVD-2023-44622

Malicious code in bioql PyPI...

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS, which stems from a lack of authorization checking in the back-end routing, which could lead to unauthorized AJAX calls. The following versions are affected: 9.5.54 and earlier, 10.4.53 a...

CVE-2023-5509

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...

CVE-2023-3999

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and...

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

CVE-2025-43926

Znuny vulnerability CVE-2025-43926 affects versions 6.5.14 and 7.x up to 7.1.6. The issue arises from Custom AJAX calls to AgentPreferences UpdateAJAX, allowing arbitrary keys to be set as user preferences. When GetUserData fetches data, these keys/values are passed to other function calls and ma...

CVE-2025-2290

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the deleteaccessplan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for...

CVE-2024-7714 AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatB...