397 matches found
CVE-2025-6038
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...
EUVD-2007-2469
Malware in sbrugna...
EUVD-2015-6038
Malware in sbrugna...
EUVD-2013-3206
Malware in sbrugna...
EUVD-2008-7242
Malware in sbrugna...
EUVD-2020-30095
Malware in sbrugna...
EUVD-2025-10872
Malicious code in bioql PyPI...
EUVD-2025-31655
Malicious code in bioql PyPI...
EUVD-2025-27262
Malicious code in bioql PyPI...
EUVD-2025-25601
Malicious code in bioql PyPI...
Polska Akademia Dostępności CMS security vulnerability
Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. A security vulnerability exists in Polska Akademia Dostępności CMS that stems from improper initialization of password recovery parameters, which could lead to arbitrary user...
CubeCart security vulnerability
CubeCart is an e-commerce software from CubeCart Open Source. A security vulnerability exists in CubeCart versions prior to 6.5.11, which stems from a password change that does not automatically expire the session, which could cause an unauthorized user to maintain access...
CVE-2025-57766
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...
Linux Distros Unpatched Vulnerability : CVE-2016-7038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. CVE-2016-7038 Note that Nessus relies o...
CVE-2025-9114
CVE-2025-9114 affects the Doccure WordPress theme. Versions up to and including 1.4.8 are vulnerable due to user-controlled access to objects that bypasses authorization, enabling unauthenticated attackers to change user passwords and potentially take over administrator accounts. The issue has a ...
WordPress plugin Doccure security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-5931
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...
CVE-2025-5931 Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...
Linux Distros Unpatched Vulnerability : CVE-2019-3467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian-edu-config all versions 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config 0.26, configured too permissive ACLs for the...
Linux Distros Unpatched Vulnerability : CVE-2016-10206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that...