307 matches found
WordPress plugin Fancy Product Designer has a security vulnerability.
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
AZL-73526 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
PT-2025-51289
Name of the Vulnerable Software and Affected Versions Soosyze version 2.0.0 Description The application has a file upload issue that permits attackers to upload arbitrary HTML files containing PHP code. This broken file upload mechanism could allow attackers to view sensitive file paths and execu...
CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...
UBUNTU-CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...
CVE-2025-66549
The CVE-2025-66549 entry concerns Nextcloud Desktop (the desktop sync client). Before version 3.16.5, locking a file inside an end-to-end encrypted directory would send the file’s path to the server unencrypted, allowing administrators to see it in logs. The root cause is unencrypted transmission...
EUVD-2025-36426
Keycloak unable to restrict access to the admin console...
CVE-2025-10939
Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...
CVE-2025-10939
A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...
PT-2025-44084
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as ha-proxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the...
EUVD-2007-6346
Malware in sbrugna...
EUVD-2008-0746
Malware in sbrugna...
EUVD-2000-1176
Malware in sbrugna...
EUVD-2012-4163
Malware in sbrugna...
EUVD-2012-4599
Malware in sbrugna...
EUVD-2001-0303
Malware in sbrugna...
EUVD-2011-3759
Malware in sbrugna...
EUVD-2006-2463
Malware in sbrugna...
EUVD-2014-8328
Malware in sbrugna...
EUVD-2005-2395
Malware in sbrugna...