115 matches found
EUVD-2025-28207
Malicious code in bioql PyPI...
EUVD-2025-24691
Malicious code in bioql PyPI...
EUVD-2025-24742
Malicious code in bioql PyPI...
EUVD-2025-25293
Malicious code in bioql PyPI...
EUVD-2025-25364
Malicious code in bioql PyPI...
PT-2025-38847
Name of the Vulnerable Software and Affected Versions: Trustpilot Trustpilot Reviews versions through 2.5.925 Description: A missing authorization issue exists in Trustpilot Trustpilot Reviews, stemming from incorrectly configured access control security levels. This allows for unauthorized access...
CVE-2025-58982
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixeline Pixeline's Email Protector pixelines-email-protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through <= 1.3.8...
CVE-2025-58216
CVE-2025-58216 is a Stored XSS in the WordPress plugin “WP Thumbtack Review Slider” up to version 2.6, caused by improper input neutralization during web page generation. The vulnerability affects WP Thumbtack Review Slider versions
CVE-2025-54014
Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through <= 15.1...
CVE-2025-54735
Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation. This issue affects CubeWP: from n/a through <= 1.1.24...
CVE-2025-49432
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through <= 10.1...
CVE-2025-55708
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through <= 10.2.4...
CVE-2025-24775
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through <= 2.9.0...
CVE-2025-53341
CVE-2025-53341 refers to a Missing Authorization/broken access control vulnerability in the WordPress Stratus theme (versions up to and including 4.2.5). The issue stems from incorrectly configured access control levels, enabling improper authorization under typical user roles. The CVSS metrics i...
PT-2025-33224 · Oik · Oik
Name of the Vulnerable Software and Affected Versions: oik versions n/a through 4.15.2 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to perform Cross Site Request Forgery attacks. Recommendations: At the moment, there is no information abou...
PT-2025-33186 · Unknown · Shen2 多说社会化评论框
Name of the Vulnerable Software and Affected Versions: shen2 多说社会化评论框 versions n/a through 1.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue that allows Reflected XSS. Recommendations: At the moment, there is no...
PT-2025-23131 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a rejected or withdrawn CVE ID due to being unused. No specific details about the issue are provided, and the severity is listed as 0.0 or Not Applicable. Recommendations:...
CVE-2023-20733
In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149...
CVE-2025-26569
Cross-Site Request Forgery CSRF vulnerability in Callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5...
PT-2025-4619 · Unknown · Xfinity Soft Content Cloner
Name of the Vulnerable Software and Affected Versions: Xfinity Soft Content Cloner versions n/a through 1.0.1 Description: The issue is related to a Missing Authorization vulnerability in Xfinity Soft Content Cloner, which allows exploiting incorrectly configured access control security levels...