29 matches found
EUVD-2020-29900
Malware in sbrugna...
EUVD-2020-23764
Malware in sbrugna...
EUVD-2024-16897
Malicious code in bioql PyPI...
EUVD-2023-24271
Malicious code in bioql PyPI...
EUVD-2025-13666
Malicious code in bioql PyPI...
EUVD-2024-47860
Malicious code in bioql PyPI...
EUVD-2024-46460
Malicious code in bioql PyPI...
EUVD-2024-17037
Malicious code in bioql PyPI...
EUVD-2024-54255
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-1696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored...
CVE-2024-4619
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter in versions up to, and including, 3.21.5 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivatelicense function in all versions up to, and including, 3.3.4. This makes it possible for authenticated...
CVE-2023-2715
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
CVE-2022-33869
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2021-26969
A remote authenticated XML external entity (XXE) vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.0. Due to improper restrictions on XML entities, a vulnerability exists in the web-based management interface of AirWave. A successful exploit...
CVE-2018-17008
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlanhost2g power...
CVE-2024-46671
FortiWeb contains an Incorrect User Management (CWE-286) vulnerability affecting FortiWeb versions 7.6.2 and below, 7.4.6 and below, 7.2.10 and below, and 7.0.11 and below. An authenticated attacker with at least read-only admin privileges can perform operations on the dashboard of other administ...
CVE-2024-13350
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siqsearchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-12276 Ultimate Member <= 2.9.2 - Authenticated SQL Injection
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter...
CVE-2024-13588
The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...