271 matches found
CVE-2025-63724
SVX Portal 2.7A has a SQL injection in the admin/update_setings.php endpoint triggered by crafted POST requests. The vulnerability affects the portal’s server-side handling of input and can lead to unauthorized query manipulation. References from multiple sources corroborate the issue for version...
CVE-2025-63724
SQL injection SQL-i vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...
CVE-2025-63724
SQL injection SQL-i vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...
CVE-2025-12400
The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-12400
The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-12389
CVE-2025-12389 affects the WordPress plugin Import Export For WooCommerce. The vulnerability is an unauthorized data modification flaw caused by a missing capability check in update_setting(), present in all versions up to and including 1.6.2. Exploitation requires authenticated access at Subscri...
CVE-2025-12389 Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesetting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access a...
EUVD-2021-23454
Malware in sbrugna...
EUVD-2023-53920
Malicious code in bioql PyPI...
EUVD-2025-30306
Malicious code in bioql PyPI...
EUVD-2025-25063
Malicious code in bioql PyPI...
EUVD-2023-34672
Malicious code in bioql PyPI...
EUVD-2025-25734
Malicious code in bioql PyPI...
EUVD-2025-25070
Malicious code in bioql PyPI...
EUVD-2023-33605
Malicious code in bioql PyPI...
CVE-2025-9884
The CVE-2025-9884 entry concerns the WordPress plugin Mobile Site Redirect (versions up to and including 1.2.1). The issue is a Cross-Site Request Forgery (CSRF) that, due to missing or incorrect nonce validation, can allow unauthenticated attackers to induce a site administrator to perform actio...
CVE-2025-9946
The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-9882
The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2025-9883
The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...
CVE-2025-9883
The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...