69 matches found
CVE-2025-14941
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing capability checks on multiple AJAX handlers combined with insufficient input sanitization and output escaping on the...
CVE-2025-14941
CVE-2025-14941 affects the WordPress plugin GZSEO (versions up to and including 2.0.11). An authenticated attacker (Contributor+ level) can bypass authorization due to missing capability checks on multiple AJAX handlers and insufficient input sanitization/output escaping on the embed_cod...
WordPress GZSEO plugin <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Authorization Bypass to Stored Cross-Site Scripting vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin GZSEO versions <= 2.0.11...
WordPress plugin GZSEO has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-64104
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...
CVE-2025-64104
LangGraph SQLite Checkpoint (SqliteStore) has a SQL injection vulnerability due to direct string concatenation when building JSON path-based filters. Effective prior to version 2.0.11, this flaw could allow attackers with local privileges to inject arbitrary SQL and bypass access controls. The is...
CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...
EUVD-2021-21305
Malware in sbrugna...
EUVD-2008-0675
Malware in sbrugna...
EUVD-2025-3442
Malicious code in bioql PyPI...
EUVD-2024-27748
Malicious code in bioql PyPI...
EUVD-2023-0800
Malicious code in bioql PyPI...
EUVD-2023-0754
Malicious code in bioql PyPI...
CVE-2024-50446
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FuturioWP Futurio Extra futurio-extra. This issue affects Futurio Extra: from n/a through <= 2.0.11...
PT-2025-6555 · WordPress · Wp-Formassembly
Name of the Vulnerable Software and Affected Versions: WP-FormAssembly plugin for WordPress versions up to, and including, 2.0.11 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode due to insufficient input sanitization and output escaping o...
CVE-2024-43127
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS. This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11...
CVE-2025-23810
Cross-Site Request Forgery CSRF vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS. This issue affects Len Slider: from n/a through <= 2.0.11...