133 matches found
EUVD-2024-44442
Malicious code in bioql PyPI...
EUVD-2024-53983
Malicious code in bioql PyPI...
CVE-2025-8313
CVE-2025-8313 affects the Campus Directory plugin for WordPress. A Stored Cross-Site Scripting flaw exists via the noaccess_msg parameter in all versions up to 1.9.1. Exploitation requires Contributor+ authentication, with scripts executed when an injected page is viewed. Mitigation: update to a ...
CVE-2025-4588 360 Photo Spheres <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...
CVE-2025-6382
CVE-2025-6382 — Taeggie Feed (WordPress) Stored XSS in plugin versions up to 0.1.10. The render() function injects user-supplied data from the name attribute directly into a `<script>` tag, including the id and within jQuery.getScript(), without proper escaping. This enables authenticated attacker...
CVE-2025-7495 WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmemloginlink' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-4685
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of multiple widgets, in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This make...
CVE-2015-10139
CVE-2015-10139 affects the WPLMS WordPress theme and allows privilege escalation via the wp_ajax_import_data AJAX action in versions 1.5.2–1.8.4.1. Authenticated attackers could modify restricted settings and potentially create a new admin account. The issue is tied to an API/endpoint exposed to ...
CVE-2025-7035 Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Ivanti Endpoint Manager < 2022 SU8 Security Update 1 / 2024 < 2024 SU3 July 2025 Security Update
The version of Ivanti Endpoint Manager running on the remote host is prior to 2022 SU8 Security Update 1 or 2024 prior to 2024 SU3. It is, therefore, affected by multiple vulnerabilities: - Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8...
CVE-2025-5678 Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-5567
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2025-6686 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode
The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-6488 isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter
The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-5291
CVE-2025-5291 concerns the WordPress plugin Master Slider – Responsive Touch Slider. The vulnerability is a Stored Cross-Site Scripting (XSS) in versions up to 3.10.8, triggered via user-supplied attributes in the masterslider_pb and ms_slide shortcodes. Exploitation requires authenticated access...
CVE-2025-5536 Freemind Viewer <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
USN-7535-1: Intel Microcode vulnerabilities
Sander Wiebing and Cristiano Giuffrida discovered that some Intel® Processors did not properly handle data in Shared Microarchitectural Structures during Transient Execution. An authenticated attacker could possibly use this issue to obtain sensitive information. CVE-2024-28956 It was discovered...