78 matches found
CVE-2026-33545
MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's read_sqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...
CVE-2026-3228 NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxs_fbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
CVE-2025-13367
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...
PT-2025-51223
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...
CVE-2025-62175
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
CVE-2025-62176 Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62174 Mastodon allows continued access after password reset via CLI
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using bin/tootctl accounts modify --reset-password, active sessions and access tokens for...
PT-2025-41808
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.4.6; Mastodon versions prior to 4.3.14; Mastodon versions prior to 4.2.27. Description: Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.4.6, 4.3.14, and 4.2.27, disabling...
EUVD-2007-1469
Malware in sbrugna...
EUVD-2020-21551
Malware in sbrugna...
EUVD-2023-1461
Malicious code in bioql PyPI...
EUVD-2025-24689
Malicious code in bioql PyPI...
EUVD-2023-1487
Malicious code in bioql PyPI...
CVE-2025-54705
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through <= 4.4.6...
CVE-2025-54705
CVE-2025-54705 is a Missing Authorization vulnerability in the WordPress plugin WpEvently (MagePeopleTeam) affecting versions up to 4.4.6. The issue stems from incorrectly configured access control, enabling a Broken Access Control scenario as described in multiple sources. The CVSS 3.1 base scor...
PT-2025-33257 · WordPress · Wpevently
Name of the Vulnerable Software and Affected Versions: WpEvently versions through 4.4.6 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update WpEvently to a version later than 4.4.6...
WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin WpEvently versions <= 4.4.6...
DEBIAN-CVE-2025-5601
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file...
CVE-2023-33197
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6...
CVE-2023-33195
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6...