EUVD-2012-5526
Malware in sbrugna...
EUVD-2024-54679
Malicious code in bioql PyPI...
CVE-2025-6388
CVE-2025-6388 : Spirit Framework plugin for WordPress has an authentication bypass in all versions up to 1.2.14 due to improper validation in the custom_actions() function, enabling unauthenticated attackers who know an admin username to log in as any user (including administrators). Multiple con...
WordPress plugin Spirit Framework security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
VulnCheck KEV: CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
CVE-2024-7562
A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2 are affected by this issue...
CVE-2024-7562
CVE-2024-7562 affects InstallShield Standalone MSI packages built with multiple InstallScript custom actions across versions 2021 R2, 2022 R2, and 2023 R2. The issue is a potential elevation of privilege with local attack vector and low attacker privileges, leading to impacts on confidentiality, ...
PT-2025-25334
Name of the Vulnerable Software and Affected Versions: InstallShield versions 2021 R2 through 2023 R2. Description: A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. Recommendations: For...
CVE-2024-27314
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users...
RDPGuard 9.9.9 Privilege Escalation
RDPGuard version 9.9.9 suffers from a privilege escalation vulnerability. Exploit Title: RDPGuard 9.9.9 - Privilege Escalation SYSTEM Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version...
CVE-2024-27314 Stored XSS Vulnerability
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users...
PT-2024-5294 · Zoho · Zoho Manageengine Servicedesk Plus +1
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions below 14730 Zoho ManageEngine ServiceDesk Plus MSP versions below 14720 Zoho ManageEngine SupportCenter Plus versions below 14720 Description: The vulnerability exists in the Custom Actions componen...
ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspcve-2024-27314 advisory. - A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...
ManageEngine ServiceDesk Plus < 14.7 Build 14730
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.7 Build 14730. It is, therefore, affected by a vulnerability as referenced in the service-deskcve-2024-27314 advisory. - A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role to...
ManageEngine SupportCenter Plus < 14.7 Build 14720
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the support-centercve-2024-27314 advisory. - A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role...
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078,...