28 matches found
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions <= 8.8.2...
CVE-2022-31654
VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations...
EUVD-2021-1201
Malware in sbrugna...
EUVD-2017-11181
Malware in sbrugna...
EUVD-2023-44653
Malicious code in bioql PyPI...
EUVD-2023-44655
Malicious code in bioql PyPI...
EUVD-2025-19601
Malicious code in bioql PyPI...
CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...
CVE-2017-20191
A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument...
CVE-2017-20191
The vulnerability CVE-2017-20191 affects Zimbra zm-admin-ajax up to version 8.8.1, specifically the XFormItem.prototype.setError function in WebRoot/js/ajax/dwt/xforms/XFormItem.js (Form Textbox Field Error Handler). The issue arises from manipulating the argument message, enabling cross-site scr...
CVE-2017-20188
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The...
VulnCheck KEV: CVE-2023-42657
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could...
CVE-2023-40048 WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function...
CVE-2023-40047 WS_FTP Server Stored Cross-Site Scripting Vulnerability
In WS_FTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...
CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...
PT-2022-14056 · Forcepoint · Forcepoint Email Security +4
Name of the Vulnerable Software and Affected Versions: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2; Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2; Forcepoint Web Security Content Gateway versions prior to 8.5.5; Forcepoint Email Security with DLP enabled...
VMware vRealize Log Insight 8.x < 8.8.2 XSS (VMSA-2022-0019)
The VMware vRealize Log Insight application running on the remote host is 8.0.0 or later but prior to 8.8.2. It is, therefore, affected by multiple XSS vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...
CVE-2022-31655
VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts...