Lucene search
K

461 matches found

OSV
OSV
added 2025/11/07 10:15 p.m.5 views

CVE-2025-60574

A Local File Inclusion LFI vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system...

7.5CVSS5.8AI score0.00444EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.10 views

PT-2025-45508

Name of the Vulnerable Software and Affected Versions tQuadra CMS version 4.2.1117 Description A Local File Inclusion LFI issue exists in tQuadra CMS. The vulnerability is located in the "/styles/" path, which does not properly sanitize user-supplied input. An attacker can exploit this by sending...

7.5CVSS6.5AI score0.00444EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/07 12:0 a.m.9 views

CVE-2025-60574

A Local File Inclusion LFI vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system...

0.00444EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.5 views

tQuadra CMS 安全漏洞

tQuadra CMS is a content management system from the Italian company tQuadra CMS. A security vulnerability exists in tQuadra CMS version 4.2.1117, which stems from the /styles path not being properly cleaned of user input, which could lead to a local file inclusion attack...

7.5CVSS6.3AI score0.00444EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.2 views

CVE-2025-60574

A Local File Inclusion LFI vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system...

6.6AI score0.00444EPSS
Exploits1References1
CVE
CVE
added 2025/11/07 12:0 a.m.11 views

CVE-2025-60574

CVE-2025-60574 affects tQuadra CMS 4.2.1117. The vulnerability is a Local File Inclusion (LFI) in the "/styles/" path caused by insufficient sanitization of user input, enabling an attacker to retrieve arbitrary files from the underlying system via a crafted GET request. Connected sources consist...

7.5CVSS6.6AI score0.00444EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2025/11/05 12:0 a.m.2 views

WordPress Qi Blocks plugin missing authorization vulnerability

WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...

4.3CVSS7.1AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/02 5:44 a.m.12 views

CVE-2025-12180

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

4.3CVSS6.3AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/01 6:30 a.m.4 views

EUVD-2025-37424

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References4
NVD
NVD
added 2025/11/01 6:15 a.m.4 views

CVE-2025-12180

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

4.3CVSS0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/01 5:40 a.m.7 views

CVE-2025-12180 Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

4.3CVSS0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/01 5:40 a.m.3 views

CVE-2025-12180 Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2025/11/01 5:40 a.m.14 views

CVE-2025-12180

CVE-2025-12180 – Qi Blocks (WordPress) | Normal mode Affected software: Qi Blocks plugin for WordPress (versions up to 1.4.3).Root cause: Missing authorization due to improper sanitization in the qi-blocks/v1/update-styles REST endpoint, handled in update_global_styles_callback().Impact: Authenti...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/01 12:0 a.m.6 views

PT-2025-44713

Name of the Vulnerable Software and Affected Versions Qi Blocks plugin for WordPress versions up to and including 1.4.3 Description The Qi Blocks plugin for WordPress is susceptible to a missing authorization issue. The plugin stores arbitrary CSS styles submitted through the...

4.3CVSS6.2AI score0.00214EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/11/01 12:0 a.m.5 views

WordPress plugin Qi Blocks 安全漏洞

WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...

4.3CVSS7AI score0.00214EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/30 5:38 p.m.4 views

Malicious code in epic-fortnite-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec12a2963a01211f4bcc3d1d1ad779f842b987405ca597a857f4283adcc6389f The package epic-fortnite-styles was found to contain malicious code...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/30 5:38 p.m.3 views

EUVD-2025-37145

Malicious code in epic-fortnite-styles npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/10/30 5:38 p.m.3 views

MAL-2025-49148 Malicious code in epic-fortnite-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec12a2963a01211f4bcc3d1d1ad779f842b987405ca597a857f4283adcc6389f The package epic-fortnite-styles was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 11:12 p.m.5 views

Malicious code in xo-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44b06297a4f222643e8b7a977e7dfd944c0a2666d5066f0db0a61674b2ea84a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/29 11:12 p.m.2 views

Malicious Package

Overview xo-styles is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder