1919 matches found
BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory
Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
CVE-2025-50466
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query...
CVE-2025-50467
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...
CVE-2025-50468
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...
CVE-2025-6986
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
CVE-2025-50468
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...
CVE-2025-50466
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query...
CVE-2025-54784 SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a Cross Site Scripting XSS vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance...
CVE-2025-54784 SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a Cross Site Scripting XSS vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance...
WordPress plugin FileBird SQL注入漏洞
WordPress FileBird is a media library management plugin designed for WordPress to help users efficiently organize and manage their media files by providing features such as an intuitive folder system, drag-and-drop operation, search function and batch upload. WordPress FileBird suffers from a SQL...
PT-2025-32146 · WordPress · Givewp – Donation Plugin/Fundraising Platform
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.6.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to information exposure. This allows unauthenticated attackers to...
CVE-2025-6722
The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire directory that automatically gets created and stores potentially sensitive files without any access...
CVE-2025-6348
CVE-2025-6348 affects WordPress Smart Slider 3 plugin. All versions up to and including 3.5.1.28 are vulnerable to a time-based SQL Injection via the sliderid parameter, caused by insufficient escaping of user input and inadequate preparation of the existing SQL query. This allows authenticated a...
CVE-2025-8009
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...
CVE-2024-13507 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Unauthenticated SQL Injection
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Exploit for CVE-2025-52399
CVE-2025-52399 - SQL Injection in Institute of Current Student...
CVE-2025-8009 Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...
PT-2025-30640 · WordPress · The Security Ninja – Wordpress Security Plugin & Firewall
Name of the Vulnerable Software and Affected Versions: The Security Ninja – WordPress Security Plugin & Firewall versions prior to 5.243 Description: The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This allows...
CVE-2025-41458
CVE-2025-41458 concerns unencrypted storage in the iOS app Two App Studio Journey v5.5.9, allowing local attackers with direct filesystem access to extract sensitive data. The NVD entry lists a CVSS v3.1 base score 5.5 (MEDIUM) , with LOCAL attack vector, LOW attack complexity, and HIGH confident...
Exploit for CVE-2026-2058
CLOUD-CLASSROOMS-php-1.0 PoC - Sql Injection Erro Based Prese...