33 matches found
CVE-2023-25654
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch...
CVE-2023-25655
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch...
CVE-2022-27861
Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions...
EUVD-2020-29372
Malware in sbrugna...
EUVD-2023-1060
Malicious code in bioql PyPI...
EUVD-2023-1023
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-9065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. (CVE-2017-9065) Note that Nessus relies on the presence of...
CVE-2022-48114
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable...
CVE-2025-47496
CVE-2025-47496 : WordPress plugin PublishPress Authors (
CVE-2024-27968
Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS. This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5...
PT-2024-38655 · WordPress · Wp Ulike
Name of the Vulnerable Software and Affected Versions: WP ULike WordPress plugin versions prior to 4.7.5. Description: The issue is related to the WP ULike WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as editors, to...
WordPress plugin Jupiter X Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
CVE-2024-37386
An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...
WordPress Jobmonster theme <= 4.7.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Dave Jong (Patchstack) in WordPress Theme Jobmonster versions <= 4.7.5...
WordPress Plugin Arscode Ninja Popups Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...
Openfire Authentication Bypass / Remote Code Execution Exploit
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
GHSA-GW42-F939-FHVM Administration Console authentication bypass in openfire xmppserver
An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact: Openfire's administrative console (the Admin Console), a web-based application, was found to be...
Administration Console authentication bypass in openfire xmppserver
An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact: Openfire's administrative console (the Admin Console), a web-based application, was found to be...
PT-2023-17224 · Canon · Canon Ij Network Tool +1
Name of the Vulnerable Software and Affected Versions: Canon IJ Network Tool versions 4.7.5 and earlier; IJ Network Tool versions 4.7.3 and earlier. Description: The issue allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the...
baserCMS vulnerable to arbitrary file uploads
Overview: baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434). Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...