412 matches found
EUVD-2024-16407
Malicious code in bioql PyPI...
EUVD-2023-24101
Malicious code in bioql PyPI...
EUVD-2024-44331
Malicious code in bioql PyPI...
EUVD-2024-27361
Malicious code in bioql PyPI...
EUVD-2023-57729
Malicious code in bioql PyPI...
EUVD-2025-8057
Malicious code in bioql PyPI...
EUVD-2023-53914
Malicious code in bioql PyPI...
EUVD-2024-47717
Malicious code in bioql PyPI...
EUVD-2024-48321
Malicious code in bioql PyPI...
EUVD-2023-54574
Malicious code in bioql PyPI...
EUVD-2024-49400
Malicious code in bioql PyPI...
EUVD-2024-27605
Malicious code in bioql PyPI...
EUVD-2022-42766
Malicious code in bioql PyPI...
CVE-2025-9333
The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-9518 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...
CVE-2025-9518
CVE-2025-9518 covers the atec Debug WordPress plugin (versions ≤ 1.2.22). The flaw is insufficient validation of the debug_path parameter, enabling authenticated users with Administrator+ rights to arbitrarily delete files (e.g., wp-config.php). This could facilitate remote code execution. The Wo...
CVE-2025-6348
CVE-2025-6348 affects WordPress Smart Slider 3 plugin. All versions up to and including 3.5.1.28 are vulnerable to a time-based SQL Injection via the sliderid parameter, caused by insufficient escaping of user input and inadequate preparation of the existing SQL query. This allows authenticated a...
CVE-2025-7344 Digiwin|EAI - Privilege Escalation
The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API...
CVE-2025-7344 Digiwin|EAI - Privilege Escalation
The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API...
PT-2025-24667 · Solarwinds · Solarwinds Observability Self-Hosted
Name of the Vulnerable Software and Affected Versions: SolarWinds Observability Self-Hosted affected versions not specified Description: The issue is related to a cross-site scripting XSS vulnerability due to an unsanitized field in the URL. The attack requires authentication using an...