25 matches found
EUVD-2012-1061
Malware in sbrugna...
EUVD-2011-2904
Malware in sbrugna...
EUVD-2025-27653
Malicious code in bioql PyPI...
CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...
WordPress Run Log plugin <= 1.7.10 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Claw.k in WordPress Plugin Run Log versions <= 1.7.10...
CVE-2023-26861
SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet module...
CVE-2025-0281 Stored Cross-Site Scripting (XSS) in lunary-ai/lunary
A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. An attacker can inject malicious JavaScript into the SAML IdP XML metadata, which is used to generate the SAML login redirect URL. This URL is then set as the value of window.location.href witho...
BIT-VAULT-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
CVE-2023-45375
In the module "PireosPay" pireospay before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via PireosPayValidationModuleFrontController::postProcess...
PT-2023-29532 · Pireospay +1 · Pireospay +1
Name of the Vulnerable Software and Affected Versions: PireosPay versions prior to 1.7.10 Description: A SQL injection issue exists in the PireosPay module for PrestaShop, where a guest can perform SQL injection via the PireosPayValidationModuleFrontController::postProcess function...
Remote code execution
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStream#readObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-23833
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions...
PT-2023-20832 · Prestashop +1 · Vivawallet +1
Name of the Vulnerable Software and Affected Versions: PrestaShop vivawallet versions 1.7.10 and earlier Description: A SQL injection issue allows a remote attacker to gain privileges via the vivawallet module. This could potentially lead to unauthorized access and control of the system...
WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)
Software: Drop Shadow Boxes; Type: Plugin; Vulnerable versions: <= 1.7.10; Fixed in: 1.7.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23833; Patch priority: Low; CVSS severity: Low (6.5); PSID: a337a4af3925; Credits: István Márton...
CVE-2023-22714
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions...
CVE-2023-22714 WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions...
WordPress plugin Coming Soon by Supsystic Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
HashiCorp Vault Security Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp. A security vulnerability exists in HashiCorp Vault Enterprise, which arises when a Vault Enterprise cluster exposes a tokenized key via a tokenized key configuration endpoint to an operator with "read"...
Elgg SQL Injection Vulnerability
Elgg is an open source social networking engine. The product provides blog, file sharing, groups and other features. A SQL injection vulnerability exists in Elgg 1.7.10 and earlier versions. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
PYSEC-2015-22
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...