
38 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-14860

Malware in sbrugna...

5.3 CVSS | 5.5 AI score | 0.00562 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2013-4842

Malware in sbrugna...

5 CVSS | 6.9 AI score | 0.0025 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-36744

Malicious code in bioql PyPI...

3.3 CVSS | 4.5 AI score | 0.00122 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-35888

Malicious code in bioql PyPI...

4.3 CVSS | 6.6 AI score | 0.0025 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-54321

Malicious code in bioql PyPI...

6.5 CVSS | 6.3 AI score | 0.00042 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-2427

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.00709 EPSS
Exploits: 2 | References: 6

Positive Technologies
added 2025/08/27 12:0 a.m. | 1 views

PT-2025-34821 · WordPress · Lazy Load For Videos

Name of the Vulnerable Software and Affected Versions: Lazy Load for Videos plugin for WordPress versions through 2.18.7
Description: The Lazy Load for Videos plugin for WordPress is susceptible to Stored Cross-Site Scripting through its lazy-loading handlers. Insufficient input sanitization and...

6.4 CVSS | 6.2 AI score | 0.00074 EPSS
Exploits: 0 | References: 10

CVE
added 2025/08/26 3:24 a.m. | 16 views

CVE-2025-9172

The CVE-2025-9172 entry concerns the WordPress plugin Vibes (

7.5 CVSS | 7.2 AI score | 0.00149 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/08/24 12:0 a.m. | 3 views

PT-2025-34576

Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5
Description: A security issue has been identified in YiFang CMS. The exportInstallTable function within the app/utils/base/database/Migrate.php file is susceptible to information disclosure. This issue can be...

7.5 CVSS | 4.6 AI score | 0.00053 EPSS
Exploits: 0 | References: 10

RedhatCVE
added 2025/08/23 12:23 a.m. | 2 views

CVE-2025-24285

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...

9.8 CVSS | 7.8 AI score | 0.00504 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/18 4:31 a.m. | 7 views

CVE-2025-6080

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticat...

8.8 CVSS | 6.8 AI score | 0.00103 EPSS
Exploits: 0 | References: 1

CVE
added 2025/08/15 8:25 a.m. | 17 views

CVE-2025-7778

The CVE-2025-7778 entry concerns the Icons Factory WordPress plugin (versions up to and including 1.6.12). The vulnerability arises from missing authorization and improper path validation in delete_files(), enabling unauthenticated attackers to delete arbitrary server files (potentially including...

9.8 CVSS | 8.2 AI score | 0.00501 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/08/14 6:24 p.m. | 7 views

CVE-2025-24520

Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access...

4.8 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/11 2:30 a.m. | 4 views

CVE-2025-54997

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1 CVSS | 7 AI score | 0.00276 EPSS
Exploits: 0 | References: 1

CVE
added 2025/08/10 6:32 a.m. | 13 views

CVE-2025-8797

LitmusChaos Litmus (versions up to 3.19.0) contains a vulnerability in the LocalStorage Handler that enables permission-related issues. The issue can be exploited remotely, and public PoCs/exploits have been disclosed. Several sources corroborate affected version range and remote-attack potential...

8.8 CVSS | 6.9 AI score | 0.00109 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2025/08/09 1:56 a.m. | 50 views

CVE-2025-54997

OpenBao (OpenBao) v2.3.1 and earlier are vulnerable to code execution and unintended network access due to privileged API operators bypassing restrictions via the audit subsystem by manipulating log prefixes. The root cause is an abuse of the audit/log-prefix handling in privileged operators, ena...

9.1 CVSS | 7 AI score | 0.00276 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2025/08/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-21929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.32 and prior. Easily exploitable...

5.5 CVSS | 6.2 AI score | 0.0016 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/07/17 2:30 p.m. | 3 views

CVE-2025-54061 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendido_familiares parameter of the /html/funcionario/dependente_editarDoc.php endpoint. This vulnerability allo...

9.4 CVSS | 8 AI score | 0.0025 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/30 6:41 p.m. | 3 views

CVE-2025-48885 application-urlshortener users can create arbitrary pages as long as they have view access to them

application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user, even guests, can create these docs, even if they don't exist already. This can enable guest users to denature the structur...

7.1 CVSS | 6.5 AI score | 0.0011 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/05/23 10:20 a.m. | 9 views

CVE-2025-3895 Low token entropy in MegaBIP

Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords including those belonging to...

9.1 CVSS | 0.00621 EPSS
Exploits: 0 | References: 3