CVE-2026-5294

CVE-2026-5294 : The Geeky Bot plugin for WordPress, affected in versions up to 1.2.2, suffers a Missing Authorization vulnerability via a nopriv AJAX route (geekybot_frontendajax). Attacker-controlled model/function dispatch reaches a plugin installer helper that downloads and unzips attacker-sup...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Frangoteam Fuxa

CVE-2025-69985: Exploit para Autenticación Bypass a RCE en FUX...

FreeBSD : ejabberd -- Potential DDoS in XML Parser (82064ab5-3d76-11f1-89ab-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82064ab5-3d76-11f1-89ab-901b0e9408dc advisory. ejabberd team reports: This release adds new options that limit max memory used by XML parser used to...

ejabberd -- Potential DDoS in XML Parser

ejabberd team reports: This release adds new options that limit max memory used by XML parser used to process XMPP payloads, to prevent potential Denial of Service attack. The default values for pre-auth provide sufficient protection for ejabberd against non-authenticated users on c2s and s2s, so...

EUVD-2020-0253

Malware in sbrugna...

EUVD-2020-5662

Malware in sbrugna...

EUVD-2016-3205

Malware in sbrugna...

EUVD-2020-17882

Malware in sbrugna...

EUVD-2018-5325

Malware in sbrugna...

EUVD-2025-23168

Malicious code in bioql PyPI...

EUVD-2025-7622

Malicious code in bioql PyPI...

EUVD-2021-8673

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-31068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected version...

Liferay Portal stored cross-site scripting in text field of the web content structure

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject...

Liferay Portal 7.4.x < 7.4.3.133 Cross-Site Scripting

Liferay Portal versions 7.4.x prior to 7.4.3.133 and DXP versions prior to 2024.Q1.16 or 2025.Q1.x prior to 2025.Q1.5 or 2025.Q2.x prior to 2025.Q2.0 are affected by a Cross-Site Scripting allowing an remote non-authenticated attacker to inject JavaScript into the...

PT-2025-32669 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

CVE-2025-4599

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-base...

CVE-2025-43018

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book...

CVE-2025-43018

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book...

CVE-2025-43018 Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book...