Astra Linux - уязвимость в node-marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking against certain strings, leading to a regular expression denial of service ReDoS attack. Any user who runs untrusted markdown using a vulnerable version of...

CVE-2025-68500

The CVE-2025-68500 entry describes a Server-Side Request Forgery (SSRF) in the WordPress plugin Prime Slider – Addons For Elementor (bdthemes-prime-slider-lite). Affected component: bdthemes Prime Slider – Addons For Elementor, via the lite variant; vulnerable version range: up to and including 4...

WordPress plugin Prime Slider – Addons For Elementor 安全漏洞

WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...

PT-2025-53078

Name of the Vulnerable Software and Affected Versions bdthemes Prime Slider – Addons For Elementor versions through 4.0.10 Description A Server-Side Request Forgery SSRF issue exists in bdthemes Prime Slider – Addons For Elementor. This allows for Server Side Request Forgery. The issue is present...

EUVD-2022-0473

Malicious code in bioql PyPI...

EUVD-2025-1696

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-7663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tifdirwrite.c in LibTIFF 4.0.10, affecting the...

CVE-2023-47837

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10...

PT-2025-7850 · Booknetic · Booknetic

Name of the Vulnerable Software and Affected Versions: Booknetic versions prior to 4.0.10 Description: A Cross-Site Request Forgery CSRF issue has been identified. This issue allows an attacker to trick a user into performing unintended actions on a web application. Recommendations: For versions...

CVE-2024-33946

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS.This issue affects WPify Woo Czech: from n/a through 4.0.10...

CVE-2025-0471 Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely...

CVE-2025-0471

The CVE-2025-0471 entry concerns PMB platform unrestricted file upload allowing remote access and command execution. Affected versions include 4.0.10 and later (CNNVD cites up to 4.2.13). The underlying issue is unrestricted file upload in PMB platform, enabling an attacker to upload a file to ga...

PMB platform 代码问题漏洞

PMB platform is a free document management software from PMB Inc. A code issue vulnerability exists in PMB platform versions 4.0.10 through 4.2.13, which stems from the presence of an unrestricted file upload that could allow an attacker to upload a file in order to gain remote access to the...

WordPress plugin ARMember 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin WPify Woo Czech 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Code injection

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device...

Design/Logic Flaw

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service...

CVE-2023-37860 PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...

PHOENIX CONTACTs WP 6xxx series web panels Security Vulnerability

PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. A security vulnerability exists in PHOENIX CONTACTs WP 6xxx series web panels prior to version 4.0.10, which originates from an SNMP daemon running with root privileges in the web panels, allowin...

Cross site request forgery (csrf)

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device...