12 matches found
EUVD-2024-50218
Malicious code in bioql PyPI...
EUVD-2025-10813
Malicious code in bioql PyPI...
CVE-2025-32074
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43...
CVE-2025-32074
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43...
CVE-2025-32074
CVE-2025-32074 affects MediaWiki’s Confirm Account Extension (versions 1.39–1.43). The root cause is an improper encoding/escaping of output that enables Cross-Site Scripting (XSS). The available connected sources identify the affected range and the vulnerability class but do not provide exploit ...
CVE-2025-32074 XSSes in Extension:ConfirmAccount
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43...
PT-2025-16138 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - Confirm Account Extension versions 1.39 through 1.43 Description: The issue is related to improper encoding or escaping of output, which enables Cross-Site Scripting XSS in the Mediawiki - Confirm Account Extension. This is due to...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki - A security vulnerability exists in Confirm Account Extension versions 1.39 throug...
CVE-2024-9930
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verifyemail' action. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9930 Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verifyemail' action. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9930
CVE-2024-9930 (Extensions by HocWP Team, WordPress) is an authentication bypass vulnerability in the Account extension of the plugin, affecting versions up to and including 0.2.3.2. The issue arises from missing validation on the user supplied to the verify_email action, enabling unauthenticated ...
CVE-2024-9930 Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verifyemail' action. This makes it possible for unauthenticated attackers to log in as any...