4319 matches found
EUVD-2024-22101
Malicious code in bioql PyPI...
EUVD-2023-51629
Malicious code in bioql PyPI...
EUVD-2023-41770
Malicious code in bioql PyPI...
CVE-2025-49844 Redis Lua Use-After-Free may lead to remote code execution
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...
CVE-2025-9892
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-9892
CVE-2025-9892 describes a Cross-Site Request Forgery vulnerability in the WordPress plugin Restrict User Registration (versions ≤ 1.0.1) due to missing nonce validation in the update() function. This allows unauthenticated attackers to update plugin settings by misleading an admin into performing an act...
CVE-2025-9892 Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-9892 Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...
EUVD-2025-32263
The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...
WordPress plugin Restrict User Registration cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
CVE-2025-10725
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization. An attacker with the Manage Users permission can prevent legitimate users, including administrators, from accessing the platform by modifying usernames to cause account lockouts or username takeovers. Workaround...
DRUPAL-CONTRIB-2025-109
This module enables you to add Umami Analytics web statistics tracking system to your website. The "administer umami analytics" permission allows inserting an arbitrary JavaScript file on every page. While this is an expected feature, the permission lacks the "restrict access" flag, which should...
PT-2025-38411
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Information Management System version 1.0 Description: A vulnerability exists in itsourcecode Student Information Management System version 1.0. The issue is a SQL injection affecting an unknown function within the...
PT-2025-38313
Name of the Vulnerable Software and Affected Versions: Summar Software Portal del Empleado affected versions not specified Description: A SQL injection vulnerability exists in Summar Software’s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the...
PT-2025-38468
Name of the Vulnerable Software and Affected Versions: fuyang lipengjun platform version 1.0 Description: A weakness exists in the BrandController function of the /brand/queryAll file, potentially leading to improper authorization. This issue can be exploited remotely. The exploit has been made...
PT-2025-38475
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0 Description: A SQL injection issue exists in SourceCodester Pet Grooming Management Software. The vulnerability is located in the file /admin/operation/paid.php. Manipulation of the...
PT-2025-38284
Name of the Vulnerable Software and Affected Versions: SourceCodester Hotel Reservation System version 1.0 Description: A SQL injection issue exists in the deleteuser.php file due to manipulation of the ID argument. This can be exploited remotely. The exploit is publicly available. Recommendation...
PT-2025-38140
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the abreviatura/tipoacao argument in the /intranet/educar funcao cad.php file within...
PT-2025-38220
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam Form Submission version 1.0 Description: A SQL injection issue exists due to the manipulation of the usn argument in the file /index.php. The attack can be launched remotely. The exploit has been made public...