9 matches found
EUVD-2019-6998
Malware in sbrugna...
EUVD-2020-18658
Malware in sbrugna...
EUVD-2024-35336
Malicious code in bioql PyPI...
CVE-2025-6719 Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting
The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2020-19215
SQL Injection vulnerability in admin/userperm.php in piwigo v2.9.5, via the catfalse parameter to admin.php?page=userperm...
CVE-2019-16183
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions...
CVE-2024-30146
Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem...
CVE-2025-32795
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users are improperly granted permissions to edit app names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...
Directus vulnerable to unhandled exception on illegal filename_disk value
The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. The vulnerability is patched and released in v9.15.0. You can prevent this problem by making sure no untrusted non-admin users have...