EUVD-2023-27651

Malicious code in bioql PyPI...

EUVD-2021-29607

Malicious code in bioql PyPI...

EUVD-2024-40404

Malicious code in bioql PyPI...

CVE-2025-6815

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...

Linux Distros Unpatched Vulnerability : CVE-2025-1131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local privilege escalation vulnerability exists in the safeasterisk script included with the Asterisk toolkit package. When Asterisk is started via this scrip...

CVE-2025-60102

CVE-2025-60102 : Stored Cross-Site Scripting in WPFront User Role Editor for WordPress. Affected software: WPFront User Role Editor, version range up to and including 4.2.3. Root cause and impact: improper neutralization of input during web page generation leading to stored XSS. Public details in...

CVE-2025-58674

CVE-2025-58674 corresponds to a Stored XSS in WordPress core. Affected are WordPress versions from 4.7 through 6.8.2 and many 5.x/6.x branches listed in the entry; exploitation requires an attacker with Author or higher privileges and some user interaction. The issue is rated medium (CVSSv3.1: AV...

CVE-2025-57407

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

CVE-2025-10828 SourceCodester Pet Grooming Management Software edit.php sql injection

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly an...

CVE-2025-57956 WordPress WooMS Plugin <= 9.12 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12...

CVE-2025-57993 WordPress Geolocation IP Detection plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Pick Geolocation IP Detection geoip-detect allows Stored XSS.This issue affects Geolocation IP Detection: from n/a through = 5.5.0...

PT-2025-38673

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425 Description: A security issue has been identified in the sub 4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is...

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

PT-2025-38543

Name of the Vulnerable Software and Affected Versions Accela Automation Platform version 22.2.3.0.230103 Description Accela Automation Platform contains multiple issues within the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, potentially...

itsourcecode Online Petshop Management System 安全漏洞

itsourcecode Online Petshop Management System is itsourcecode open source an online pet store management system. A security vulnerability exists in version 1.0 of itsourcecode Online Petshop Management System, which stems from an incorrect manipulation of the parameters name and description in th...

CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

CVE-2025-10324

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...

CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

PT-2025-37344

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. Manipulation of the arguments pingFrmWANFilterEnabled, blockSynFloodEnabled, blockPortScanEnabled, or remoteManagementEnabled within the...