36 matches found
EUVD-2025-30594
Malicious code in bioql PyPI...
PT-2025-33181 · Unknown · Inspectlet
Name of the Vulnerable Software and Affected Versions: Inspectlet versions n/a through 2.0 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting (XSS). Recommendations: At the moment, there is no information about a newer version that contai...
PT-2025-16069 · Vertim · Vertim Neon Product Designer
Name of the Vulnerable Software and Affected Versions: vertim Neon Product Designer versions n/a through 2.1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2025-14040 · Unknown · Nmedia Mailchimp
Name of the Vulnerable Software and Affected Versions: Nmedia MailChimp versions n/a through 5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means an attacker can inject malicio...
PT-2025-5912 · WordPress · Easy Wp Tiles
Name of the Vulnerable Software and Affected Versions: Easy WP Tiles versions n/a through 1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicio...
PT-2025-5954 · Infusionsoft · Infusionsoft Analytics
Name of the Vulnerable Software and Affected Versions: Infusionsoft Analytics versions n/a through 2.0 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized requests. Recommendations: For versions n/a through 2.0, update to a version that includes a fix...
PT-2025-5132 · Unknown · Notfound Legal
Name of the Vulnerable Software and Affected Versions: NotFound Legal + versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This enables attackers to inject malicious script...
PT-2025-5180 · Ivo Brett · Applymetrics Apply With Linkedin Buttons
Name of the Vulnerable Software and Affected Versions: Ivo Brett – ApplyMetrics Apply with LinkedIn buttons versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for DOM-Based XS...
PT-2025-4462 · Rto Gmbh · Dynamictags
Name of the Vulnerable Software and Affected Versions: RTO GmbH DynamicTags versions n/a through 1.4.0 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to improper neutralization of special elements used in SQL commands. This allows an...
PT-2025-4543 · Unknown · Affiliate Disclosure Statement
Name of the Vulnerable Software and Affected Versions: Affiliate Disclosure Statement versions n/a through 0.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross-Site Request Forgery. This is a type of attack where an attacker tricks a user into performing...
PT-2025-4547 · Greg Whitehead · Norse Rune Oracle Plugin
Name of the Vulnerable Software and Affected Versions: Greg Whitehead Norse Rune Oracle Plugin versions n/a through 1.4.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross-Site Request Forgery. This means an attacker can trick a user into performing...
PT-2025-3180 · Foliovision · Fv Descriptions
Name of the Vulnerable Software and Affected Versions: Foliovision FV Descriptions versions n/a through 1.4 Description: The issue affects Foliovision FV Descriptions, allowing Reflected XSS due to improper neutralization of input during web page generation. This is a type of Cross-site Scripting...
PT-2024-36739 · Social · Sinking Dropdowns
Name of the Vulnerable Software and Affected Versions: Sinking Dropdowns versions n/a through 1.25 Description: A Cross-Site Request Forgery (CSRF) vulnerability is present in Yonatan Reinberg of Social Ink's Sinking Dropdowns, allowing Privilege Escalation. Recommendations: For versions n/a throug...
PT-2024-36694 · Unknown · Mighty Digital Partners
Name of the Vulnerable Software and Affected Versions: Mighty Digital Partners versions n/a through 0.2.0 Description: The issue is related to an Improperly Controlled Modification of Object Prototype Attributes, also known as 'Prototype Pollution', which allows Object Injection. This enables...
PT-2024-36328 · Unknown · Gaxx Keywords
Name of the Vulnerable Software and Affected Versions: Gaxx Keywords versions n/a through 0.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2024-36274 · Unknown · Phuc Pham Multiple Admin Emails
Name of the Vulnerable Software and Affected Versions: Phuc Pham Multiple Admin Emails versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross-Site Request Forgery. This affects the multiple admin emails functionality...
PT-2024-36633 · Unknown · Webriderz Wr Age Verification
Name of the Vulnerable Software and Affected Versions: Webriderz Wr Age Verification versions n/a through 2.0.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
PT-2024-36169 · Unknown · Ldd Directory Lite
Name of the Vulnerable Software and Affected Versions: LDD Directory Lite versions n/a through 3.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations: For...
PT-2024-12206 · Unknown · Awesome Togi Product Category Tree
Name of the Vulnerable Software and Affected Versions: AWESOME TOGI Product Category Tree versions n/a through 2.5 Description: The issue is related to a Missing Authorization vulnerability in the AWESOME TOGI Product Category Tree, which allows exploitation of incorrectly configured access contr...
PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes
Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...