27 matches found
EUVD-2025-27970
Malicious code in bioql PyPI...
EUVD-2025-20007
Malicious code in bioql PyPI...
EUVD-2025-28281
Malicious code in bioql PyPI...
EUVD-2025-18542
Malicious code in bioql PyPI...
EUVD-2025-17136
Malicious code in bioql PyPI...
EUVD-2025-28328
Malicious code in bioql PyPI...
EUVD-2025-15495
Malicious code in bioql PyPI...
CVE-2025-49070
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through 6.4.1...
CVE-2025-49070
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through 6.4.1...
CVE-2025-49070
CVE-2025-49070 is a Local File Inclusion vulnerability in WordPress Elessi (Elessi-theme) before version 6.4.1. The issue arises from improper control of the filename in include/require statements, allowing an attacker to include local PHP files. Affected software: Elessi theme/plugin (WordPress)...
CVE-2025-49873
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Elessi elessi-theme allows Reflected XSS.This issue affects Elessi: from n/a through = 6.3.9...
CVE-2025-49873
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Elessi elessi-theme allows Reflected XSS.This issue affects Elessi: from n/a through = 6.3.9...
PT-2025-26331 · Unknown · Nasatheme Elessi
Name of the Vulnerable Software and Affected Versions: NasaTheme Elessi versions n/a through 6.3.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions n/a...
CVE-2025-49071
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from n/a through 1.5.1...
CVE-2025-39508
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Nasa Core nasa-core allows Reflected XSS.This issue affects Nasa Core: from n/a through = 6.4.4...
CVE-2025-49071
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from n/a through 1.5.1...
CVE-2025-39508
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Nasa Core nasa-core allows Reflected XSS.This issue affects Nasa Core: from n/a through = 6.4.4...
CVE-2025-49071
CVE-2025-49071 : Flozen WordPress theme (Flozen
CVE-2025-39508
CVE-2025-39508 affects the WordPress plugin Nasa Core (Nasa Theme). The vulnerability is a Reflected XSS due to improper input neutralization during web page generation. Affected versions are listed as up to 6.3.2 in the CVE description, with related sources confirming continued XSS discussions a...
PT-2025-25688 · Unknown · Nasatheme Flozen
Name of the Vulnerable Software and Affected Versions: NasaTheme Flozen affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and...