91 matches found
CVE-2025-56799
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...
EUVD-2025-35237
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name...
CVE-2025-56799
CVE-2025-56799 affects the Reolink Desktop Application (v8.18.12). The issue is an OS command injection in the cache-clearing scheduler, where a shell command is assembled using a folder path read from a config file without proper sanitization. This can allow an attacker to inject arbitrary comma...
EUVD-2021-13617
Malware in sbrugna...
EUVD-2016-2789
Malware in sbrugna...
EUVD-2009-4335
Malware in sbrugna...
EUVD-2017-11583
Malware in sbrugna...
EUVD-2023-12501
Malicious code in bioql PyPI...
EUVD-2023-23604
Malicious code in bioql PyPI...
EUVD-2024-51731
Malicious code in bioql PyPI...
EUVD-2023-24070
Malicious code in bioql PyPI...
EUVD-2024-33299
Malicious code in bioql PyPI...
CVE-2024-13715
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2023-0447
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...
CVE-2023-1868
The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...
CVE-2023-1346
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...
CVE-2023-1925
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcclearcacheofallsitescallback function. This makes it possible for unauthenticated attackers to clear cache...
CVE-2025-32972 The lesscss script service allows cache clearing without programming right
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...
CVE-2025-32972 The lesscss script service allows cache clearing without programming right
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...
The lesscss script service allows cache clearing without programming right
Impact The script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this...