CVE-2025-59384

A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...

CVE-2025-59384

A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...

CVE-2025-59384

CVE-2025-59384 affects QNAP Qfiling prior to version 3.13.1. A path traversal flaw allows remote attackers to read arbitrary files or system data. The issue is fixed in Qfiling 3.13.1 and later. The CVSS metrics in the initial document indicate high impact with network attack potential and no use...

CVE-2025-59384 Qfiling

A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...

CVE-2025-59384 Qfiling

A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVE-2025-64709

Typebot (open-source chatbot builder) contains an SSRF flaw in the webhook block’s HTTP Request component affecting versions before 3.13.1. The issue lets authenticated users cause server-side HTTP requests, bypass IMDSv2 via custom header injection, and extract temporary AWS IAM credentials for ...

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVE-2025-64286

Cross-Site Request Forgery CSRF vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through = 3.13.1...

EUVD-2025-36608

Cross-Site Request Forgery CSRF vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through = 3.13.1...

CVE-2025-64286

CVE-2025-64286 is a Cross-Site Request Forgery (CSRF) vulnerability affecting WordPress plugin/theme variants of WP Rentals (WP Estate/Wprentals) up to version 3.13.1. Multiple connected sources confirm the issue and reference affected software: WordPress WP Rentals theme/plugin, with advisories ...

CVE-2025-64286 WordPress WP Rentals theme <= 3.13.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through = 3.13.1...

EUVD-2025-24896

Malicious code in bioql PyPI...

EUVD-2025-8405

Malicious code in bioql PyPI...

CVE-2025-53330

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpEstate WP Rentals wprentals allows Stored XSS.This issue affects WP Rentals: from n/a through = 3.16.1...

CVE-2025-53330 WordPress WP Rentals theme <= 3.16.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpEstate WP Rentals wprentals allows Stored XSS.This issue affects WP Rentals: from n/a through = 3.16.1...

CVE-2025-53330

CVE-2025-53330 : WP Rentals WordPress theme (up to 3.13.1) has stored XSS due to improper input neutralization during web page generation. This can enable cross-site scripting within affected sites using the WP Rentals theme. Remediation: upgrade to a fixed version (Patchstack lists 3.16.1 as the...

CVE-2025-53330 WordPress WP Rentals theme <= 3.16.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpEstate WP Rentals wprentals allows Stored XSS.This issue affects WP Rentals: from n/a through = 3.16.1...

PT-2025-33371 · WordPress · Wp Rentals

Name of the Vulnerable Software and Affected Versions: WP Rentals versions through 3.13.1 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update WP Rentals to a version late...

CVE-2025-30765

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPPOOL FlexStock stock-sync-with-google-sheet-for-woocommerce allows Blind SQL Injection.This issue affects FlexStock: from n/a through = 3.13.1...