121 matches found
EUVD-2024-34357
Malicious code in bioql PyPI...
EUVD-2025-27673
Malicious code in bioql PyPI...
EUVD-2025-27660
Malicious code in bioql PyPI...
EUVD-2023-43880
Malicious code in bioql PyPI...
EUVD-2024-46847
Malicious code in bioql PyPI...
EUVD-2023-43875
Malicious code in bioql PyPI...
CVE-2025-58703
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skyword Skyword API Plugin skyword-plugin allows Stored XSS.This issue affects Skyword API Plugin: from n/a through = 2.5.3...
CVE-2025-58703 WordPress Skyword API Plugin Plugin <= 2.5.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skyword Skyword API Plugin skyword-plugin allows Stored XSS.This issue affects Skyword API Plugin: from n/a through = 2.5.3...
WordPress plugin Skyword API Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
PT-2025-38981
Name of the Vulnerable Software and Affected Versions skyword Skyword API Plugin versions through 2.5.3 Description The skyword Skyword API Plugin contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This issue could...
CVE-2025-8692
The Coupon API plugin for WordPress is vulnerable to SQL Injection via the ‘logduration’ parameter in all versions up to, and including, 6.2.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-8721
The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's workablejobs shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8692 Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration'
The Coupon API plugin for WordPress is vulnerable to SQL Injection via the ‘logduration’ parameter in all versions up to, and including, 6.2.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-37138
The Coupon API plugin for WordPress is vulnerable to SQL Injection via the ‘log duration’ parameter in all versions up to, and including, 6.2.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Skyword API Plugin versions = 2.5.2...
CVE-2025-58124
CVE-2025-58124 affects the Checkmk Exchange plugin check-mk-api, with the root cause being improper certificate validation. This enables a MitM attacker to intercept traffic in network communications. Public descriptions consistently reference the vulnerable component as the plugin for Checkmk Ex...
CVE-2025-58124 Lack of TLS validation in plugin check-mk-api on Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic...
WordPress plugin Custom API for WP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress SMM API plugin <= 6.0.31 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin SMM API versions = 6.0.31...
CVE-2025-53673
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...