WordPress BulletProof Security 5.1 Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

ait-dsn (=2.0.0), ait-gui (>=2.4.0 <=2.4.1) potentially affected by CVE-2026-47731 via ait-core (>=2.3.5 <=2.5.2)

ait-core PYPI version =2.3.5, =2.4.0, =2.4.1 Source cves: CVE-2026-47731 Source advisory: OSV:GHSA-P462-PRXW-MJX4...

PT-2026-47089

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

CVE-2026-47731

creationtimestamp| type| source ---|---|--- 2026-05-19 22:10:29+00:00| published-proof-of-concept| https://github.com/NASA-AMMOS/AIT-Core/security/advisories/GHSA-p462-prxw-mjx4...

EUVD-2020-30798

Malware in sbrugna...

CVE-2020-36849

The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...

CVE-2020-36849 AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload

The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...

PT-2025-29320 · WordPress · Ait Csv Import/Export

Name of the Vulnerable Software and Affected Versions: AIT CSV import/export plugin for WordPress versions up to and including 3.0.3 Description: The AIT CSV import/export plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation in the...

CVE-2025-34083

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36849...

CVE-2025-34083

CVE-2025-34083 is rejected/not used; it is a duplicate of CVE-2020-36849.

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

CVE-2024-35061

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...

CVE-2024-35056

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...

CVE-2024-35060

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...

CVE-2024-35059

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...

CVE-2024-35057

An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...

GHSA-CXWF-QC32-375F Decidim-Awesome has SQL injection in AdminAccountability

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...

GHSA-7CX8-44PC-XV3Q Decidim cross-site scripting (XSS) in the pagination

Impact The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. Patches Not available Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized...

Remote Code Execution (RCE)

ait-core is vulnerable to Remote Code Execution RCE. The vulnerability is caused due to loading untrusted pickle files, allowing attackers to execute arbitrary code...

ait-dsn (=2.0.0), ait-gui (>=2.4.0 <=2.4.1) potentially affected by CVE-2024-35061 via ait-core (>=2.3.5 <=2.5.2)

ait-core PYPI version =2.3.5, =2.4.0, =2.4.1 Source cves: CVE-2024-35061 Source advisory: OSV:GHSA-QV6X-53JJ-VW59...