1360 matches found
EUVD-2022-24838
Malicious code in bioql PyPI...
EUVD-2022-24669
Malicious code in bioql PyPI...
EUVD-2023-32867
Malicious code in bioql PyPI...
EUVD-2023-54240
Malicious code in bioql PyPI...
EUVD-2023-23317
Malicious code in bioql PyPI...
EUVD-2024-54439
Malicious code in bioql PyPI...
EUVD-2025-31400
Malicious code in bioql PyPI...
EUVD-2024-27592
Malicious code in bioql PyPI...
EUVD-2023-42069
Malicious code in bioql PyPI...
EUVD-2024-54526
Malicious code in bioql PyPI...
EUVD-2022-51904
Malicious code in bioql PyPI...
CVE-2024-5200 Postie < 1.9.71 - Admin+ Stored XSS
The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2025-39812
Name of the Vulnerable Software and Affected Versions: Postie WordPress plugin versions prior to 1.9.71. Description: The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting...
PT-2025-39701
Name of the Vulnerable Software and Affected Versions: SysReptor versions 2024.74 through 2025.82. Description: Authenticated, unprivileged users can assign the is_project_admin permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not...
Syslifters Sysreptor Security Vulnerability
Syslifters Sysreptor is a penetration test reporting platform from Syslifters, Inc. A security vulnerability exists in Syslifters Sysreptor from version 2024.74 up to, but not including, 2025.83, which stems from allowing an unprivileged user to assign the is_project_admin privilege, which could lead to...
No title provided
A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through...
Linux Distros Unpatched Vulnerability : CVE-2022-45436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows...
CVE-2025-9111
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-8889 Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...