25 matches found
EUVD-2017-8684
Malware in sbrugna...
EUVD-2024-50279
Malicious code in bioql PyPI...
CVE-2024-31924
Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer. This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3...
CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...
WordPress plugin hashtagger security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-30909
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through <= 7.2.3...
WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Conversios.io versions <= 7.2.3...
WordPress Booster for WooCommerce plugin <= 7.2.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Booster for WooCommerce versions <= 7.2.3...
Malicious code in cs-deploy-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc924b01d9d1492c726482e9cfb4985b29cfd9c8771d907af44c2d7351d1ff36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-33209 · Wofit · Wofit
Name of the Vulnerable Software and Affected Versions: WoFit version 7.2.3. Description: The issue allows a remote attacker to obtain sensitive information via the firmware update process. Recommendations: For WoFit version 7.2.3, at the moment, there is no information about a newer version that...
Really Simple SSL < 8.0.0 - Admin+ Server-Side Request Forgery
Description: The Really Simple SSL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
PT-2024-23869 · Unknown · Really Simple Ssl
Name of the Vulnerable Software and Affected Versions: Really Simple SSL versions through 7.2.3. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to various malicious...
WordPress Really Simple SSL Plugin <= 7.2.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Really Simple SSL; Type: Plugin; Vulnerable versions: <= 7.2.3; Fixed in: 8.0.0; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-31229; Patch priority: Low; CVSS severity: Low (5.5); PSID: 76c7c2d9a771; Credits: Anan...
PT-2024-24287 · Unknown · Ewww Image Optimizer
Name of the Vulnerable Software and Affected Versions: EWWW Image Optimizer versions through 7.2.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the EWWW Image Optimizer. This type of vulnerability allows an attacker to trick a user into performing unintended action...
CVE-2023-42791
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2023-42787
A client-side enforcement of server-side security (CWE-602) vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution...
PT-2023-27780 · Ember · Ember Znet
Name of the Vulnerable Software and Affected Versions: Ember ZNet versions 7.1.3 through 7.1.5; Ember ZNet versions 7.2.0 through 7.2.3. Description: The issue is related to TouchLink packets being processed after a timeout or out of range due to Operation on a Resource after Expiration and Missing...
CVE-2022-43947
An improper restriction of excessive authentication attempts vulnerability (CWE-307) in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-forc...
Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary: Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105). The fix includes Apache Log4j 2.17.1. Vulnerability Details: CVEID: CVE-2021-451...