EUVD-2025-10949

Malicious code in bioql PyPI...

EUVD-2025-6649

Malicious code in bioql PyPI...

EUVD-2025-11364

Malicious code in bioql PyPI...

CVE-2024-37237

Cross-Site Request Forgery CSRF vulnerability in fs-code FS Poster fs-poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2025-30962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2025-30960

Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2025-30962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2025-30962 WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through = 6.5.8...

CVE-2024-37237 WordPress FS Poster plugin <= 6.5.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in FS-code FS Poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through 6.5.8...

CVE-2024-37237

CVE-2024-37237 is a CSRF vulnerability reported for the WordPress FS Poster plugin, affecting versions up to 6.5.8. The vulnerability description states a Cross-Site Request Forgery issue in FS Poster, but the provided documents do not specify the root cause detail beyond CSRF, nor confirm a patc...

WordPress plugin FS Poster 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

MAL-2024-10805 Malicious code in seller-pure-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 924c57b004a67cf8549a22da58c4ad78093283c6dc0bf73ab25aee9aa082110f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10768 Malicious code in polaris-report (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28f78c9a4b910eaa965460101ee58ef71fa917358a0c9e7a5be01ae875e152b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in people-ats-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64e0fee4f6a0a0bf955286caec236cb6fd226322649fd02497b95d91f14b4f7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10757 Malicious code in markservice (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 967b4b4c0264a9fff8d309834b2a12350b0db8f50f86f487903ce1556d628d6d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10751 Malicious code in listing-uss-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5bdefff07d9e9bd5fa8b0b524652775ca14bf5851937f5fa73f1e783996ad940 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hubot-hangouts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a411a5e1860f7c3e70679f26150c8bc5300c4e1545d0b6e53e9794171a5529a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2022-21321 · WordPress · Import All Xml

Name of the Vulnerable Software and Affected Versions: Import all XML, CSV & TXT WordPress plugin versions prior to 6.5.8 Description: The issue concerns a lack of authorization in certain areas of the plugin, potentially allowing any authenticated users to access specific features if they obtain...

WordPress Import all XML, CSV & TXT plugin <= 6.5.7 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin versions = 6.5.7. Solution Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.5.8...

PT-2022-20519 · Guzzle · Guzzle

Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 6.5.8 Guzzle versions prior to 7.4.5 Description: Guzzle, an extensible PHP HTTP client, has a issue where Authorization and Cookie headers on requests are sensitive information. In affected versions, when making a...