Lucene search
1178 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-34026

Malicious code in bioql PyPI...

5.4 CVSS · 6.6 AI score · 0.00138 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-27538

Malicious code in bioql PyPI...

8.8 CVSS · 8.7 AI score · 0.00264 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-17990

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.0016 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 12 views

EUVD-2022-38609

Malicious code in bioql PyPI...

7.2 CVSS · 6.9 AI score · 0.01627 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-36983

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.00229 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/09/29 12:0 a.m. · 1 views

PT-2025-39823

Name of the Vulnerable Software and Affected Versions: Chef Automate versions prior to 4.13.295 Description: Chef Automate versions earlier than 4.13.295 on Linux x86 are susceptible to a condition where an authenticated attacker can access restricted functionality. This is due to improperly...

8.8 CVSS · 6.6 AI score · 0.00065 EPSS
Exploits 0 · References 8

RedhatCVE
added 2025/09/13 11:18 a.m. · 2 views

CVE-2025-9018

The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ttupdatetablefunction' and 'ttdeleterecordfunction' functions in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers...

8.8 CVSS · 5.1 AI score · 0.00108 EPSS
Exploits 0 · References 1

Snyk
added 2025/09/09 6:31 p.m. · 3 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection due to improper input validation in the alert script check. An attacker can execute arbitrary shell commands on the server by submitting crafted input after authentication. Remediation: Upgrade...

9.3 CVSS · 7.7 AI score · 0.001 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/09/04 11:11 a.m. · 2 views

CVE-2025-41045 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigethicallicensekey' parameter in /apprain/admin/config/ethical...

5.1 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/09/03 1:34 a.m. · 1 views

CVE-2025-58163 FreeScout's deserialization of untrusted data can lead to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APPKEY to achieve remote code execution. The...

8.6 CVSS · 7.7 AI score · 0.01466 EPSS
Exploits 1 · References 3

CVE
added 2025/08/27 7:33 p.m. · 38 views

CVE-2025-5101

CVE-2025-5101 affects GitLab CE/EE, all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1. Root cause is ambiguity between branches and tags during repository imports, which could let an authenticated attacker distribute code that appears harmless in the web interface. The CVSSv3...

5 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34213 · Exagrid · Exagrid Ex10

Name of the Vulnerable Software and Affected Versions: Exagrid EX10 version 7.0.1p02 Description: An XML external entities (XXE) injection vulnerability exists in the /init API endpoint. An authenticated, unprivileged attacker can achieve information disclosure and privilege escalation by submitting...

5.3 CVSS · 7.4 AI score · 0.00072 EPSS
Exploits 0 · References 7

RedhatCVE
added 2025/08/16 12:16 a.m. · 12 views

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds...

8.8 CVSS · 8.4 AI score · 0.01818 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/08/08 12:29 a.m. · 9 views

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile' function call in '/apivedo/video/preview'...

6.5 CVSS · 6.1 AI score · 0.00233 EPSS
Exploits 2 · References 1

Cvelist
added 2025/08/06 6:38 a.m. · 6 views

CVE-2025-7727 Gutenverse <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks

The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 0.00163 EPSS
Exploits 0 · References 3

CVE
added 2025/08/06 3:41 a.m. · 20 views

CVE-2025-7498

CVE-2025-7498 affects the WordPress plugin Exclusive Addons for Elementor. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Countdown Widget, present in all versions up to and including 2.7.9.4, caused by insufficient input sanitization and output escaping. Authenticated attackers...

6.4 CVSS · 5.5 AI score · 0.00157 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2025/08/06 3:41 a.m. · 7 views

CVE-2025-7498 Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS · 0.00157 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/08/06 3:40 a.m. · 4 views

CVE-2025-8100 Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

5.4 CVSS · 5.5 AI score · 0.00248 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/08/06 1:45 a.m. · 3 views

CVE-2025-7502 WPBakery Page Builder for WordPress <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4 CVSS · 5.4 AI score · 0.00123 EPSS
Exploits 0 · References 2

Cvelist
added 2025/08/06 1:45 a.m. · 5 views

CVE-2025-6259 esri-map-view <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via esri-map-view Shortcode

The esri-map-view plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's esri-map-view shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS · 0.00164 EPSS
Exploits 0 · References 2