33 matches found
Malicious code in eslint-plugin-process-sails-update (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54131fa2d2dcc4b78de6cb5b6d09342e6dc5740aaa9fbbe5e0ec5cac6985a259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2005-4845
Malware in sbrugna...
EUVD-2022-38912
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack ...
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
Multiple vulnerabilities in WordPress plugin "Carousel Slider"
Overview WordPress plugin "Carousel Slider" provided by Sayful Islam contains 2 CSRF vulnerabilities listed below. Cross-site request forgery on Carousel image selection feature CWE-352 - CVE-2024-45269 Cross-site request forgery on Hero image selection feature CWE-352 - CVE-2024-45270 RyotaK of...
WordPress plugin Carousel Slider 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the ActivityPub plugin in the WordPress content management system allows attackers to perform unauthorized functions, modify or delete any content.
The vulnerability of the ActivityPub plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform unauthorized functions, modify or delete arbitrary content...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
CVE-2019-12273
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a .outsystemsenterprise.com domain name. NOTE: The vendor claims that the independent researcher created the repo...
PHP Scripts Mall Readymade Job Site Script Cross Site Request Forgery Vulnerability
PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site request forgery vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A...
Apache Solr Real-Time - Critical - Access Bypass - SA-CONTRIB-2015-119
This module allows content-changes to be committed to Apache Solr in real-time. The module doesn't check the status of an entity being indexed which means that unpublished content will get indexed by Solr and the title and partial content may be exposed to any user who has permission to search si...