
12 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-27058

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.4 · EPSS 0.00102
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-50889

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.6 · EPSS 0.01915
Exploits 4 · References 2
NVD
added 2025/08/23 5:15 a.m. · 2 views

CVE-2025-7827

The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...

CVSS 4.3 · EPSS 0.00055
Exploits 0 · References 2
Vulnrichment
added 2025/05/03 1:43 a.m. · 5 views

CVE-2025-3918 Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user without...

CVSS 9.8 · AI score 9.5 · EPSS 0.00551
Exploits 0 · References 3
Cvelist
added 2025/05/03 1:43 a.m. · 12 views

CVE-2025-3918 Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user without...

CVSS 9.8 · EPSS 0.00551
Exploits 0 · References 3
Positive Technologies
added 2025/03/01 12:00 a.m. · 3 views

PT-2025-9182 · Unknown · Zorlan Skycaiji

Name of the Vulnerable Software and Affected Versions: Zorlan SkyCaiji version 2.9
Description: A critical vulnerability was found in Zorlan SkyCaiji, affecting the previewAction function of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the data argument leads to...

CVSS 6.5 · AI score 6.3 · EPSS 0.00061
Exploits 0 · References 12
Positive Technologies
added 2024/12/19 12:00 a.m. · 3 views

PT-2024-17138 · Netskope · Netskope Endpoint Dlp

Name of the Vulnerable Software and Affected Versions: Netskope Endpoint DLP versions prior to R119
Description: A security issue arises from a double-fetch problem in the Content Control Driver of Netskope Endpoint DLP, leading to a heap overflow. This occurs because the NumberOfBytes argument t...

CVSS 5.6 · AI score 7.6 · EPSS 0.00423
Exploits 0 · References 7
Positive Technologies
added 2024/10/31 12:00 a.m. · 2 views

PT-2024-16394 · Safenet · Esafenet Cdg 5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5
Description: A critical vulnerability has been found in ESAFENET CDG 5, affecting the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to SQL...

CVSS 9.8 · AI score 7.4 · EPSS 0.00106
Exploits 1 · References 15
CNNVD
added 2024/02/05 12:00 a.m. · 2 views

WordPress plugin Starbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 4.3 · AI score 7 · EPSS 0.0032
Exploits 0 · References 4
CVE
added 2023/06/07 1:51 a.m. · 42 views

CVE-2021-4343

The CVE-2021-4343 entry refers to the WordPress Unauthenticated Account Creation plugin (up to version 1.6.6). The underlying issue is that the stm_listing_register AJAX action is accessible and unprotected, allowing unauthenticated attackers to create accounts, including administrator-level acco...

CVSS 9.8 · AI score 9.2 · EPSS 0.00733
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/04/15 1:15 a.m. · 9 views

Cross site scripting

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI...

CVSS 4.9 · AI score 5.3 · EPSS 0.01915
Exploits 4 · References 2 · Affected Software 1
Vulnrichment
added 2023/04/15 12:00 a.m. · 5 views

CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI...

AI score 5.4 · EPSS 0.01915
Exploits 4 · References 2