PT-2025-51280

Name of the Vulnerable Software and Affected Versions IBM DevOps Deploy versions 8.1 through 8.1.2.3 Description An authenticated user with LLM integration configuration privileges may be able to recover a previously saved LLM API Token. Recommendations Update to a version later than 8.1.2.3...

CVE-2025-14540 Userback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration Exposure

The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userbackgetjson function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...

PT-2025-51081

The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback get json function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...

Security Bulletin: IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability (CVE-2025-14148)

Summary IBM DevOps Deploy could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token. CVE-2025-14148 Vulnerability Details CVEID:CVE-2025-14148 DESCRIPTION: IBM DevOps Deploy could allow an authenticated user with LLM integration...

EUVD-2025-202954

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-13975

CVE-2025-13975: The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the api_token and roomid settings in all versions up to 1.1.0. The issue requires authenticated admin access and affects multisite installs and sites where unfiltered_html is dis...

CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

EUVD-2015-1936

Malware in sbrugna...

EUVD-2019-7079

Malware in sbrugna...

EUVD-2020-0093

Malware in sbrugna...

EUVD-2017-10571

Malware in sbrugna...

EUVD-2021-30007

Malicious code in bioql PyPI...

EUVD-2023-40564

Malicious code in bioql PyPI...

EUVD-2024-2762

Malicious code in bioql PyPI...

EUVD-2023-1966

Malicious code in bioql PyPI...

EUVD-2024-3383

Malicious code in bioql PyPI...

EUVD-2024-21968

Malicious code in bioql PyPI...

EUVD-2021-9317

Malicious code in bioql PyPI...

EUVD-2025-16588

Malicious code in bioql PyPI...

EUVD-2022-31222

Malicious code in bioql PyPI...