17 matches found

EUVD
added 2026/05/15 7:46 a.m. · 7 views

EUVD-2026-30520

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

CVSS 4.3 · AI score 5.7 · EPSS 0.00015
Exploits: 0 · References: 8

ATTACKERKB
added 2026/05/15 7:46 a.m. · 4 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

CVSS 4.3 · AI score 5.7 · EPSS 0.00015
Exploits: 0 · References: 9

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-11706

Malware in sbrugna...

CVSS 4.8 · AI score 4.9 · EPSS 0.00287
Exploits: 2 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-9068

Malware in sbrugna...

CVSS 6.1 · AI score 6.1 · EPSS 0.00651
Exploits: 6 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-0826

Malware in sbrugna...

CVSS 6.5 · AI score 6.1 · EPSS 0.00606
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-2079

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.6 · EPSS 0.00171
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 6:24 p.m. · 4 views

CVE-2021-24794

The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 6 · EPSS 0.00287
Exploits: 2 · References: 1

NVD
added 2025/03/03 12:15 a.m. · 8 views

CVE-2025-27579

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address aka stratumUser for a Bitaxe Bitcoin miner, or change the frequency and voltage settings...

CVSS 5.4 · EPSS 0.00076
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/12 12:0 a.m. · 3 views

PT-2023-24742 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.8.0 through 1.21.0 Description: The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, allow an authenticated and authorized user to configure URL and library...

CVSS 6.5 · AI score 6.3 · EPSS 0.00779
Exploits: 1 · References: 15

Positive Technologies
added 2022/05/10 12:0 a.m. · 3 views

PT-2022-19297 · D Link · D-Link Dir-882

Name of the Vulnerable Software and Affected Versions: D-Link DIR882 version DIR882A1 FW130B06 Description: A command injection issue in the /setnetworksettings/IPAddress component allows attackers to escalate privileges to root by sending a crafted payload. Recommendations: For D-Link DIR882...

CVSS 10 · AI score 9.6 · EPSS 0.28613
Exploits: 1 · References: 3

ATTACKERKB
added 2022/03/15 10:15 p.m. · 3 views

CVE-2022-26999

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 10 · AI score 6.1 · EPSS 0.12616
Exploits: 1 · References: 2

OSV
added 2022/03/15 10:15 p.m. · 1 views

CVE-2022-26999

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 9.8 · AI score 7.5 · EPSS 0.12616
Exploits: 1 · References: 1

OSV
added 2021/11/01 9:15 a.m. · 15 views

CVE-2021-24794

The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 6
Exploits: 0 · References: 1

Prion
added 2021/11/01 9:15 a.m. · 9 views

Cross site scripting

The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed...

CVSS 3.5 · AI score 4.8 · EPSS 0.00287
Exploits: 2 · References: 1 · Affected Software: 1

CNNVD
added 2021/11/01 12:0 a.m. · 0 views

WordPress cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Connections Business Directory plugin prior to 10.4.3. The vulnerability stems from the plugin's failure to escape address...

CVSS 4.8 · AI score 5.3 · EPSS 0.00287
Exploits: 2 · References: 2

Prion
added 2021/09/27 2:15 p.m. · 14 views

Command injection

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room...

CVSS 7.5 · AI score 9.7 · EPSS 0.01478
Exploits: 0 · References: 1 · Affected Software: 4

Microsoft KB
added 2018/03/13 7:0 a.m. · 63 views

Description of the security update for the Windows Kernel vulnerabilities in Windows Server 2008: March 13, 2018

Description of the security update for the Windows Kernel vulnerabilities in Windows Server 2008: March 13, 2018 Summary An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout...

CVSS 4.7 · AI score 5 · EPSS 0.18628
Exploits: 17