CVE-2025-10679

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that...

GHSA-3M5V-4XP5-GJG2 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

PT-2026-26750

Name of the Vulnerable Software and Affected Versions Graphiti versions prior to 1.10.2 Description Graphiti is a framework that exposes models through a JSON:API-compliant interface. Versions prior to 1.10.2 contain a flaw where an attacker can construct a malicious JSONAPI payload with arbitrar...

Bitcoinrb Vulnerable to Command injection via RPC

Summary: Remote Code Execution Unsafe handling of request parameters in the RPC HTTP server results in command injection Details In lib/bitcoin/rpc/httpserver.rb line 30-39, the JSON body of a POST request is parsed into command and args variables. These values are then passed to send, which is...

Kimai security vulnerabilities

Kimai is a web-based, multi-user time tracking application developed by Kimai’s developers. Versions of Kimai prior to 2.46.0 contained security vulnerabilities. These vulnerabilities stemmed from the overly lax security policies for the Twig sandbox used in the export function, which allowed...

Sandbox Protection Bypass

io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps is vulnerable to Sandbox Protection Bypass. The vulnerability is due to an overly permissive custom script security whitelist, which allows an attacker to invoke arbitrary methods and bypass sandbox restrictions...

WordPress Plugin Authors List Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Authors List, which stem...

WordPress plugin Authors List 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Authors List, which stem...

EUVD-2019-0778

Malware in sbrugna...

EUVD-2020-26765

Malware in sbrugna...

EUVD-2022-1324

Malicious code in bioql PyPI...

EUVD-2022-1662

Malicious code in bioql PyPI...

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVE-2024-9989 Crypto <= 2.18 - Authentication Bypass via log_in

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...

GHSA-MP76-7W5V-PR75 TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex

stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...