CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-2868

creationtimestamp| type| source ---|---|--- 2025-08-27 21:18:42+00:00| seen| Telegram/QRi89iADQMK6Oo4ng2Sn02lnyJbgz2KnJw4HItHLZe3NI...

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents

Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn't adding more and more tools to SOC workflows but giving analysts the...

PoisonSeed Tricking Users Into Bypassing FIDO Keys With QR Codes

PoisonSeed group tricks users into bypassing FIDO Keys by misusing QR code logins, highlighting new social engineering risk to secure MFA...

CVE-2025-22819

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Roberto Bottalico Qr Code and Barcode Scanner Reader qr-code-and-barcode-scanner-reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through = 1.0.0...

CVE-2025-23864

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke America WCS QR Code Generator wcs-qr-code-generator allows Stored XSS.This issue affects WCS QR Code Generator: from n/a through = 1.0...

CVE-2024-47128

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...

CVE-2024-8152

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting...

CVE-2024-41658

Casdoor is a UI-first Identity and Access Management IAM / Single-Sign-On SSO platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...

CVE-2024-0953

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS 129...

CVE-2024-32560

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sharabindu QR Code Composer allows Stored XSS.This issue affects QR Code Composer: from n/a through 2.0.3...

CVE-2024-3797

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated...

CVE-2024-1111

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched...

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code...

CVE-2024-8172

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack...

CVE-2024-48214

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data...

CVE-2024-8153

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated...

CVE-2024-8154

A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tblbookmarkid/name/url leads to cross site...

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

CVE-2023-34022

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rakib Hasan Dynamic QR Code Generator plugin = 0.0.5 versions...