5 matches found
WordPress Folderly plugin <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion vulnerability
Incorrect Authorization to Authenticated (Author+) Term Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Folderly versions <= 0.3...
EUVD-2025-25237
Malicious code in bioql PyPI...
CVE-2025-55741
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
CVE-2025-55733
DeepChat (prior to version 0.3.1) is affected by a remote code execution flaw that is triggered by embedding a specially crafted deepchat: URL on any website. When a user visits the site or clicks the link, the browser invokes the DeepChat app’s custom URL handler, which launches the application ...
CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...