Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

CVE-2025-62602

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVE-2025-64438

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory OOM denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. B...

CVE-2025-62603

Fast DDS (DDS security) CVE-2025-62603 arises from the CDR parser deserializing the entire DataHolderSeq in ParticipantGenericMessage, allowing an out-of-memory condition and remote termination. Affected versions prior to the patch (3.4.1, 3.3.1, 2.6.11) are addressed by the vendor, and remediati...

NiceGUI 跨站脚本漏洞

NiceGUI is an easy-to-use, Python-based UI framework from NiceGUI Open Source. A cross-site scripting vulnerability exists in NiceGUI versions 2.22.0 through 3.4.1, which stems from an insecure implementation of the pushstate event listener that could lead to the manipulation of URL fragment...

NiceGUI 安全漏洞

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A security vulnerability exists in NiceGUI versions v2.10.0 through 3.4.1, which originates from an unauthenticated attacker who can exhaust Redis connections, potentially resulting in a service degradation...

EUVD-2023-35403

Malicious code in bioql PyPI...

EUVD-2025-30647

Malicious code in bioql PyPI...

WordPress Qwery Theme <= 3.4.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Qwery versions = 3.4.1...

VulnCheck KEV: CVE-2023-5815

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

Linux Distros Unpatched Vulnerability : CVE-2025-1647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue...

DEBIAN-CVE-2025-1647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

de.digitalcollections:iiif-bookshelf-webapp (>=3.1.1 <=4.0.0), net.aequologica.neo:dagr-vebchar (=0.5.2-alpha) +43 more potentially affected by CVE-2025-1647 via org.webjars.npm:bootstrap (>=3.4.1 <=4.0.0-beta.3)

org.webjars.npm:bootstrap MAVEN version =3.4.1, =3.1.1, =1.0.5, =1.0.4, =0.1.0, =0.5.0 - org.webjars.npm:bootstrap-print =3.1.2 - org.webjars.npm:bootstrap-social =5.1.1 - org.webjars.npm:bootstrap-sweetalert =1.0.1 - org.webjars.npm:bootstrap-tour =0.12.0 -...

CVE-2025-1647

CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....

PT-2025-6551 · WordPress · Ltl Freight Quotes – For Customers Of Fedex Freight

Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress versions up to, and including, 3.4.1 Description: The issue concerns a SQL injection vulnerability via the edit id and dropship edit id parameters. This vulnerability is...

PT-2025-1484 · WordPress · Wp Job Openings

Name of the Vulnerable Software and Affected Versions: WP Job Openings versions 3.4.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in WP Job Openings, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP J...

WordPress plugin gap-hub-user-role 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

KubeSphere 安全漏洞

KubeSphere is KubeSphere open source a distributed operating system built on top of Kubernetes for cloud-native applications. A security vulnerability exists in KubeSphere version v3.4.1 and v4.1.1. An attacker can exploit the vulnerability to access sensitive resources...

PT-2024-24425 · Paystack · Payment Forms For Paystack

Name of the Vulnerable Software and Affected Versions: Paystack Payment Forms for Paystack versions 3.4.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, where an attacker...

PT-2024-15882 · WordPress · Watu Quiz

Name of the Vulnerable Software and Affected Versions: Watu Quiz plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode due to insufficient input sanitization and output escaping on...