62 matches found
EUVD-2026-33614
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
EUVD-2026-30930
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
WordPress personal-authors-category plugin <= 0.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin personal-authors-category versions <= 0.3...
PT-2026-3916
Name of the Vulnerable Software and Affected Versions: Appsmith versions 1.94 and below. Description: Appsmith is a platform used to build admin panels, internal tools, and dashboards. Publicly accessible applications in affected versions allow unauthenticated users to execute unpublished actions...
EUVD-2018-0787
Malware in sbrugna...
EUVD-2020-17946
Malware in sbrugna...
EUVD-2023-12190
Malicious code in bioql PyPI...
EUVD-2023-51372
Malicious code in bioql PyPI...
EUVD-2023-41820
Malicious code in bioql PyPI...
EUVD-2022-33393
Malicious code in bioql PyPI...
EUVD-2022-47165
Malicious code in bioql PyPI...
CVE-2025-57878 BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect.
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...
WordPress Maspik plugin <= 2.5.6 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Maspik – Spam blacklist versions <= 2.5.6...
CVE-2025-54433
Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...
CVE-2025-31055 WordPress Electrician - Electrical Service WordPress theme <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress electrician allows Reflected XSS. This issue affects Electrician - Electrical Service WordPress: from n/a through <= 1.0...
CVE-2025-52833
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection. This issue affects LMS: from n/a through = 9.2...
CVE-2025-52782
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS. This issue affects Scroll UP: from n/a through = 2.0...
CVE-2024-35646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Message Bar smartarget-message-bar. This issue affects Smartarget Message Bar: from n/a through = 1.5...
CVE-2023-44997
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin = 4.1 versions...
CVE-2023-41650
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin = 2.1 versions...