CVE-2025-15041 BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the savesiteoption function in all versions up to, and including, 5.6.2. This makes it possible for...

CVE-2025-15041

The CVE refers to BackWPup – WordPress Backup & Restore Plugin for WordPress, where a missing capability check in save_site_option() in versions

SUSE CVE-2026-22775

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

CVE-2026-22775

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

EUVD-2026-2790

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

EUVD-2020-24033

Malware in sbrugna...

EUVD-2022-15647

Malicious code in bioql PyPI...

EUVD-2022-15648

Malicious code in bioql PyPI...

EUVD-2022-15651

Malicious code in bioql PyPI...

EUVD-2024-2373

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-0518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. CVE-2022-0518 Note that Nessus relies on the presence of the package as report...

CVE-2022-43216

AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page...

PT-2024-13648 · WordPress · Gfazioli Wp Cleanfix

Name of the Vulnerable Software and Affected Versions: Gfazioli WP Cleanfix versions through 5.6.2 Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. This enables potential unauthorized access...

PT-2024-30793 · Unknown · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder Lite versions 5.6.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels...

SUSE CVE-2024-47611

XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...

PT-2024-39185 · Unknown · Shandong Star Measurement/Control Equipment Heating Network Wireless Monitoring System

Name of the Vulnerable Software and Affected Versions: Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System version 5.6.2 Description: A critical issue was found in the system, affecting the GetDataKindByType function of the file /DataSrvs/UCCGSrv.asmx. This...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

PT-2024-37731 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.2 Description: The issue is related to Stored Cross-Site Scripting via the res width value parameter within the plugin's tp page scroll widget due to insufficient input...