9907 matches found

RedhatCVE
added 2026/01/07 9:13 a.m., 4 views

CVE-2024-2291

In Progress MOVEit Transfer versions released before 2022.0.11 14.0.11, 2022.1.12 14.1.12, 2023.0.9 15.0.9, 2023.1.4 15.1.4, a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which result...

CVSS 4.3, AI score 6.7, EPSS 0.00385
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:9 a.m., 6 views

CVE-2024-2018

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry-roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

CVSS 8.8, AI score 7.5, EPSS 0.00876
Exploits: 0, References: 1

Vulnrichment
added 2026/01/07 8:21 a.m., 6 views

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option calls. This makes it possible for unauthenticated attacker...

CVSS 7.5, AI score 5.7, EPSS 0.00335
Exploits: 1, References: 2

Cvelist
added 2026/01/07 8:21 a.m., 26 views

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option calls. This makes it possible for unauthenticated attacker...

CVSS 7.5, EPSS 0.00335
Exploits: 1, References: 2

CVE
added 2026/01/07 8:21 a.m., 14 views

CVE-2025-11877

The CVE-2025-11877 issue affects WordPress User Activity Log versions up to 2.2. The vulnerability is in the failed-login handler (ual_shook_wp_login_failed), which lacks a capability check and writes failed usernames into update_option() calls. This allows unauthenticated attackers to push certa...

CVSS 7.5, AI score 5.8, EPSS 0.00335
Exploits: 1, References: 2

Patchstack
added 2026/01/07 7:11 a.m., 10 views

WordPress User Activity Log plugin <= 2.2 - Unauthenticated Limited Options Update via Failed Login vulnerability

Unauthenticated Limited Options Update via Failed Login vulnerability discovered by shark3y in WordPress Plugin User Activity Log versions <= 2.2...

CVSS 7.5, AI score 6.8, EPSS 0.00335
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2026/01/07 12:0 a.m., 7 views

WordPress plugin User Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5, AI score 6.3, EPSS 0.00335
Exploits: 1, References: 2

Positive Technologies
added 2026/01/07 12:0 a.m., 8 views

PT-2026-1584

Name of the Vulnerable Software and Affected Versions: User Activity Log plugin versions prior to and including 2.2. Description: The User Activity Log plugin has an issue where the failed-login handler ual_shook_wp_login_failed does not perform a capability check. This allows unauthenticated...

CVSS 7.5, AI score 6.5, EPSS 0.00335
Exploits: 1, References: 7

SUSE CVE
added 2026/01/06 12:24 a.m., 2 views

SUSE CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

CVSS 4.9, AI score 6.9, EPSS 0.00373
Exploits: 0, References: 2

NVD
added 2026/01/05 10:15 p.m., 5 views

CVE-2026-0625

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

CVSS 9.3, EPSS 0.00964
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/01/05 6:26 p.m., 7 views

Malicious code in @crepo/crepo-url-query-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8556f30a48d0b1c957d0d66394801c28e6259503ed20f4cbf900102b962ee5f The package @crepo/crepo-url-query-mapper was found to contain malicious code. Source: ossf-package-analysis...

AI score 6.9
Exploits: 0

OSV
added 2026/01/05 9:15 a.m., 3 views

CVE-2026-0582

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 5

NVD
added 2026/01/05 9:15 a.m., 6 views

CVE-2026-0582

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS 9.8, EPSS 0.00272
Exploits: 1, References: 5

OSV
added 2026/01/05 8:50 a.m., 3 views

MAL-2026-49 Malicious code in diskho (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03f656f5769803487abac8cada65f7f7a80d04ecbb9c39633408b2c48a157b5 The package diskho was found to contain malicious code. Source: ossf-package-analysis b944051826f01c581baeba101564a1e463b08dc5ba4353b9598eff67ebddc9f...

AI score 6.8
Exploits: 0

Cvelist
added 2026/01/05 8:32 a.m., 28 views

CVE-2026-0582 itsourcecode Society Management System edit_activity_query.php sql injection

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS 6.5, EPSS 0.00272
Exploits: 1, References: 5

Vulnrichment
added 2026/01/05 8:32 a.m., 4 views

CVE-2026-0582 itsourcecode Society Management System edit_activity_query.php sql injection

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS 6.5, AI score 6.8, EPSS 0.00272
Exploits: 1, References: 5

EUVD
added 2026/01/05 8:32 a.m., 4 views

EUVD-2026-0900

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS 6.5, AI score 6.3, EPSS 0.00272
Exploits: 1, References: 7

CVE
added 2026/01/05 8:32 a.m., 16 views

CVE-2026-0582

The CVE pertains to itsourcecode Society Management System 1.0. A SQL injection vulnerability exists in the file /admin/edit_activity_query.php triggered by manipulating the Title parameter, with exploitation described as remote and publicly available. Affected component/file: /admin/edit_activit...

CVSS 9.8, AI score 6.5, EPSS 0.00272
Exploits: 1, References: 5, Affected Software: 1

OSSF Malicious Packages
added 2026/01/05 12:45 a.m., 5 views

Malicious code in spire.officejs-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d5bc6046960bccab3120bb794cc2c868fa2bb41e0d35028f39e2e9ca9033a80 The package spire.officejs-common was found to contain malicious code. Source: ossf-package-analysis...

AI score 6.9
Exploits: 0

OSV
added 2026/01/05 12:45 a.m., 3 views

MAL-2026-39 Malicious code in spire.officejs-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d5bc6046960bccab3120bb794cc2c868fa2bb41e0d35028f39e2e9ca9033a80 The package spire.officejs-common was found to contain malicious code. Source: ossf-package-analysis...

AI score 6.8
Exploits: 0