70 matches found
CVE-2026-14128
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...
BIT-PYTHON-MIN-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due to NPN being...
EUVD-2024-1332
Malicious code in bioql PyPI...
EUVD-2023-24024
Malicious code in bioql PyPI...
BIT-WORDPRESS-MULTISITE-2025-58246 WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to...
WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin Content Mask versions = 1.8.5.3...
WordPress Certifica WP plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via evento Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Certifica WP versions = 3.1...
WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin rajce versions = 0.4.2...
WordPress Page Transition plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Page Transition versions = 1.3...
WordPress Embed Bokun plugin <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via align Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Embed Bokun versions = 0.23...
WordPress Radius Blocks plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Radius Blocks versions = 2.2.1...
WordPress Mosaic Generator plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'c' Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Mosaic Generator versions = 1.0.5...
BIT-LIBPYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
WordPress NinjaScanner plugin <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin NinjaScanner versions = 3.2.5...
WordPress Gutentor plugin <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Gutentor versions = 3.4.8...
WordPress Useful Tab Block plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Useful Tab Block versions = 1.3.2...
WordPress Listly plugin <= 2.7 - Unauthenticated Arbitrary Transient Deletion vulnerability
Unauthenticated Arbitrary Transient Deletion vulnerability discovered by ch4r0n in WordPress Plugin Listly versions = 2.7...
WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Residential Address Detection versions = 2.5.9...
WordPress fluXtore plugin <= 1.6.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin fluXtore versions = 1.6.0...
WordPress WP DB Booster plugin <= 1.0.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin WP DB Booster versions = 1.0.1...