41 matches found
EUVD-2015-9308
Malware in sbrugna...
EUVD-2012-6594
Malware in sbrugna...
EUVD-2025-5762
Malicious code in bioql PyPI...
CVE-2025-10393
A flaw has been found in miurla morphic up to 0.4.5. It affects the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. The manipulation causes server-side request forgery. The attack can be carried out remotely. The exploit has been...
CVE-2025-10393
CVE-2025-10393 affects miurla morphic up to 0.4.5. The flaw resides in the fetchHtml function of the file /api/advanced-search in the HTTP Status Code 3xx Handler component, enabling server-side request forgery. The issue is exploitable remotely and is supported by published exploit information. ...
CVE-2012-10045
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
Sourceforge XODA security vulnerability
Sourceforge XODA is open-source file management software from Sourceforge. A security vulnerability exists in Sourceforge XODA version 0.4.5, which stems from the upload feature not validating file types, and could lead to arbitrary file uploads and remote code execution...
PT-2025-32398 · Xoda · Xoda
Name of the Vulnerable Software and Affected Versions: XODA version 0.4.5 Description: XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to...
WordPress StaticPress plugin <= 0.4.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin StaticPress versions <= 0.4.5...
WordPress plugin StaticPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-23446 WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in KokoenDE WP SpaceContent (wp-spacecontent) allows Stored XSS. This issue affects WP SpaceContent: from n/a through <= 0.4.5...
CVE-2025-23446
CVE-2025-23446 affects the WordPress NotFound WP SpaceContent plugin (versions up to and including 0.4.5). The issue is a CSRF vulnerability that enables Stored XSS. Root cause: CSRF allows an attacker to trigger and store script injections within SpaceContent content. Affected products/functions...
WordPress plugin NotFound WP SpaceContent cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-2651
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5...
WordPress Step by Step plugin <= 0.4.5 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Step by Step versions <= 0.4.5...
Privilege escalation
capsule-proxy is a reverse proxy for the Capsule Kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...
com.adform:stream-loader-clickhouse_2.13 (>=0.2.5 <=0.2.12), com.clickhouse:clickhouse-benchmark (>=0.3.2 <=0.3.2-test3) +30 more potentially affected by CVE-2024-23689 via com.clickhouse:clickhouse-jdbc (>=0.3.2-patch1 <=0.4.5)
com.clickhouse:clickhouse-jdbc MAVEN version =0.3.2-patch1, =0.2.5, =0.3.2, =0.0.1.2023070401.Alpha, =0.0.1.2023070401.Alpha, =0.0.1.2023061901.Alpha, =0.0.1.2023052301.Alpha, =4.0.0, =4.1.0, =4.1.1, =1.0-ds, =1.0.0.20221015, =1.6.0, =1.9.0 - io.github.artjourney:janusgraph-clickhouse =0.1.0 and...
WordPress plugin GTmetrix for WordPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...