121 matches found
CVE-2026-9369 NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...
CVE-2026-3140
The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handlemoduleactions' function. This makes it possible for unauthenticated attackers to toggle plugin...
CVE-2020-24699
The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS...
CVE-2025-1523
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-12540
CVE-2025-12540 affects the ShareThis Dashboard for Google Analytics WordPress plugin (affected
CVE-2025-62087 WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through = 1.2.4...
WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sticky Notes for WP Dashboard versions = 1.2.4...
EUVD-2013-6792
Malware in sbrugna...
EUVD-2024-34385
Malicious code in bioql PyPI...
EUVD-2023-58000
Malicious code in bioql PyPI...
EUVD-2022-34652
Malicious code in bioql PyPI...
EUVD-2022-24838
Malicious code in bioql PyPI...
EUVD-2023-29626
Malicious code in bioql PyPI...
EUVD-2023-49385
Malicious code in bioql PyPI...
PT-2025-39486
Name of the Vulnerable Software and Affected Versions System Dashboard plugin for WordPress versions prior to 2.8.21 Description The System Dashboard plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is caused by a lack of nonce validation in the sd toggle logs function...
WordPress System Dashboard plugin <= 2.8.20 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Đỗ Quang Huy in WordPress Plugin System Dashboard versions = 2.8.20...
CVE-2025-52136
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...
CVE-2025-52136
EMQX before 5.8.6 may allow administrators to install arbitrary plugins via the Dashboard; this behavior is described as intended by the supplier. In 5.8.6 a defense‑in‑depth feature was added that controls plugin installation via the CLI command “emqx ctl plugins allow,” which determines a plugi...
CVE-2025-52136
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...
CVE-2025-52136
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...