VulnCheck KEV: CVE-2024-2879
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
EUVD-2026-24129
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
EUVD-2025-209540
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
CVE-2026-0972
CVE-2026-0972 concerns Fortra’s GoAnywhere MFT up to version 7.10.0. Connected sources document two concrete issues: 1) HTML injection in system-generated emails, and 2) the SFTP login limit is not enforced prior to 7.10.0 when a user logs in with an SSH key, potentially enabling brute-force key ...
CVE-2025-14362
Fortra GoAnywhere MFT SFTP service (before version 7.10.0) does not enforce login rate limiting for Web Users configured to authenticate with SSH keys, enabling brute-force attempts against the SSH key. Affected component: GoAnywhere MFT SFTP login mechanism. Root cause: absence of login limit en...
EUVD-2019-3193
Malware in sbrugna...
EUVD-2019-16708
Malware in sbrugna...
CVE-2025-54576
Observations on CVE-2025-54576: OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...
@abuenameh/parse-utils (>=1.1.3 <=1.1.3-1), @activity-maker/component-core-dependencies (>=1.8.0 <=1.16.0) +823 more potentially affected by CVE-2025-27789 via @babel/runtime-corejs3 (>=7.10.0 <=7.26.0)
@babel/runtime-corejs3 NPM version =7.10.0, =1.1.3, =1.8.0, =1.0.0, =2.1.0, =0.2.0, =1.0.5, =2.2.0, =0.0.18, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-27789 Source advisory: OSV:GHSA-968P-4WVH-CQC8...
CVE-2024-1441 affecting package libvirt for versions less than 7.10.0-8
CVE-2024-1441 affecting package libvirt for versions less than 7.10.0-8. A patched version of the package is available...
$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data fro...
CVE-2022-42954
Keyfactor EJBCA before 7.10.0 allows XSS...
Cross site scripting
Keyfactor EJBCA before 7.10.0 allows XSS...
CVE-2020-10701 affecting package libvirt for versions less than 7.10.0-1
CVE-2020-10701 affecting package libvirt for versions less than 7.10.0-1. An upgraded version of the package is available that resolves this issue...
ElasticSearch 7.13.3 - Memory disclosure Exploit
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import ArgumentParser...
ElasticSearch 7.13.3 Memory Disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
Elastic Elasticsearch Memory Disclosure Vulnerability (ESA-2021-16)
Elasticsearch is prone to a memory disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Information disclosure
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...
CVE-2019-11522
OX App Suite 7.10.0 to 7.10.2 allows XSS...
Cross site scripting
OX App Suite 7.10.0 to 7.10.2 allows XSS...