4930 matches found
EUVD-2025-1776
Malicious code in bioql PyPI...
EUVD-2025-4579
Malicious code in bioql PyPI...
EUVD-2022-0514
Malicious code in bioql PyPI...
EUVD-2023-33548
Malicious code in bioql PyPI...
EUVD-2022-33500
Malicious code in bioql PyPI...
EUVD-2024-16742
Malicious code in bioql PyPI...
EUVD-2023-0494
Malicious code in bioql PyPI...
Exploit for CVE-2025-8625
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configura...
CVE-2025-9209
The CVE concerns RestroPress – Online Food Ordering System (WordPress) versions 3.0.0–3.1.9.2. Affected endpoint /wp-json/wp/v2/users exposes user private tokens and API data, enabling unauthenticated attackers to forge JWT tokens and authenticate as other users (including admins). This constitut...
CVE-2025-20371
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on...
CVE-2025-8625
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...
Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4, 10.0.0 < 10.0.1 (SVD-2025-1006)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1006 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109,...
CVE-2025-8625
The Copypress Rest API plugin for WordPress (versions 1.1–1.2) is vulnerable to Remote Code Execution due to a hard-coded JWT signing key when no secret is configured and lack of file-type validation, allowing unauthenticated attackers to forge tokens and upload arbitrary files (e.g., PHP shells)...
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...
CVE-2025-56449
A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 through 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...
WordPress Copypress Rest API plugin 1.1-1.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by kr0d in WordPress Plugin Copypress Rest API versions 1.1-1.2...
PT-2025-39945
Name of the Vulnerable Software and Affected Versions: Copypress Rest API plugin for WordPress versions 1.1 through 1.2. Description: The Copypress Rest API plugin for WordPress is susceptible to Remote Code Execution through the copyreap handle image function. The plugin utilizes a hard-coded JWT...
CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...