126 matches found
Moodle - Cross-Site Scripting/Remote Code Execution
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...
CVE-2025-12656
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...
CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
CVE-2025-13377
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
EUVD-2025-201539
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
CVE-2025-13377
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
CVE-2025-13377
The vulnerability CVE-2025-13377 affects the WordPress plugin “10Web Booster – Website speed optimization, Cache & Page Speed optimizer”, specifically in get_cache_dir_for_page_from_url() across all versions up to and including 2.32.7. The underlying issue is insufficient file path validation, en...
CVE-2025-13377 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
CVE-2025-13377 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
PT-2025-49354
Name of the Vulnerable Software and Affected Versions 10Web Booster versions prior to 2.32.8 Description The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the...
EUVD-2018-7819
Malware in sbrugna...
EUVD-2021-11933
Malware in sbrugna...
EUVD-2023-28588
Malicious code in bioql PyPI...
EUVD-2022-32969
Malicious code in bioql PyPI...
EUVD-2022-29552
Malicious code in bioql PyPI...
EUVD-2024-47195
Malicious code in bioql PyPI...
EUVD-2023-52318
Malicious code in bioql PyPI...
EUVD-2024-52190
Malicious code in bioql PyPI...
EUVD-2023-28589
Malicious code in bioql PyPI...
EUVD-2023-34966
Malicious code in bioql PyPI...