2169 matches found

CNNVD
added 2025/08/21 12:0 a.m. · 1 views

WordPress plugin Pin WP code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

9.9 CVSS · 6.8 AI score · 0.00113 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/21 12:0 a.m. · 4 views

PT-2025-34227 · WordPress · An-Themes Pin Wp

Name of the Vulnerable Software and Affected Versions: An-Themes Pin WP versions prior to 7.2; An-Themes Pin WP versions through 6.9. Description: An unrestricted file upload vulnerability exists in An-Themes Pin WP, allowing for the upload of web shells to a web server. This could lead to full...

9.9 CVSS · 6.1 AI score · 0.00113 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2025/08/20 8:3 a.m. · 4 views

CVE-2025-49410

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1...

10 CVSS · 5.2 AI score · 0.00103 EPSS
Exploits 0 · References 3
The Hacker News
added 2025/08/19 5:37 p.m. · 7 views

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial...

10 CVSS · 8.5 AI score · 0.94436 EPSS
Exploits 31
The Hacker News
added 2025/08/19 1:0 p.m. · 11 views

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code...

10 CVSS · 10 AI score · 0.43664 EPSS
Exploits 19
RedhatCVE
added 2025/08/16 11:25 a.m. · 2 views

CVE-2025-54693

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through <= 1.5.5...

9 CVSS · 5.9 AI score · 0.00086 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/15 9:29 p.m. · 13 views

CVE-2012-10056

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessib...

8.7 CVSS · 7.7 AI score · 0.36773 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/14 4:54 p.m. · 2 views

CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

9.1 CVSS · 8.2 AI score · 0.05246 EPSS
Exploits 1 · References 1
NVD
added 2025/08/14 11:15 a.m. · 5 views

CVE-2025-54693

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through <= 1.5.5...

9 CVSS · 0.00086 EPSS
Exploits 0 · References 1
NVD
added 2025/08/14 11:15 a.m. · 1 views

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through <= 2.9.0...

9.9 CVSS · 0.00113 EPSS
Exploits 0 · References 1
CVE
added 2025/08/14 10:34 a.m. · 12 views

CVE-2025-54693

CVE-2025-54693 describes an Unrestricted Upload of File with Dangerous Type vulnerability in WordPress Form Block Plugin (<= 1.5.5). CVSSv3 data cited in the initial record indicates a Critical impact (9.0 base score) with network attack vector, high complexity, no privileges required, and CHANGED sc...

9 CVSS · 5.9 AI score · 0.00086 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/14 10:34 a.m. · 9 views

CVE-2025-54693 WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through <= 1.5.5...

9 CVSS · 0.00086 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/14 10:34 a.m. · 2 views

CVE-2025-54693 WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.5...

9 CVSS · 7 AI score · 0.00086 EPSS
Exploits 0 · References 1
CVE
added 2025/08/14 10:34 a.m. · 15 views

CVE-2025-24775

CVE-2025-24775 describes an Unrestricted Upload of File with Dangerous Type in WordPress Forms (Made IT Forms) plugin up to version 2.9.0, enabling uploading a web shell to the web server. Public records in the provided connected sources indicate this vulnerability affects Forms versions <= 2....

9.9 CVSS · 5.9 AI score · 0.00113 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 1 views

PT-2025-33150 · Unknown · Made I.T. Forms

Name of the Vulnerable Software and Affected Versions: Made IT Forms versions not specified through 2.9.0. Description: An unrestricted file upload issue with dangerous file types exists in Made IT Forms, allowing for the upload of a web shell to a web server. Recommendations: At the moment, there...

9.9 CVSS · 6.2 AI score · 0.00113 EPSS
Exploits 0 · References 4
CNNVD
added 2025/08/14 12:0 a.m. · 1 views

WordPress plugin Form Block code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

9 CVSS · 7.1 AI score · 0.00086 EPSS
Exploits 0 · References 1
OSV
added 2025/08/12 4:15 p.m. · 2 views

DEBIAN-CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

7.2 CVSS · 6.8 AI score · 0.05246 EPSS
Exploits 1 · References 1
NVD
added 2025/08/12 4:15 p.m. · 3 views

CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

9.1 CVSS · 0.05246 EPSS
Exploits 1 · References 3
CVE
added 2025/08/12 3:57 p.m. · 22 views

CVE-2025-55010

Kanboard before 1.2.47 is affected by an unsafe deserialization in ProjectEventActvityFormatter that lets an admin modify event["data"] in project_activities to instantiate arbitrary PHP objects, enabling a gadget to write a web shell in /plugins and achieve remote code execution. The issue has b...

9.1 CVSS · 8.1 AI score · 0.05246 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2025/08/12 3:57 p.m. · 3 views

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...

9.1 CVSS · 8 AI score · 0.05246 EPSS
Exploits 1 · References 5