39 matches found
EUVD-2023-40075
Malicious code in bioql PyPI...
EUVD-2022-47330
Malicious code in bioql PyPI...
EUVD-2024-17212
Malicious code in bioql PyPI...
EUVD-2024-47793
Malicious code in bioql PyPI...
CVE-2025-38584
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start of the process in padatadoparallel, and released at the end in...
CVE-2024-12575
CVE-2024-12575 relates to the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (≤ 5.8.9). The vulnerability is an unauthenticated basic information exposure exposed via the ajax action ays_finish_poll, allowing attackers to retrieve admin email information from poll respon...
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
CVE-2022-44387
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Basic Information component under the Edit Member module...
CVE-2022-45139
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...
CVE-2020-20645
Cross Site Scripting XSS vulnerability exists in EyouCMS1.3.6 in the basicinformation area...
CVE-2022-47320
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes...
Malicious code in lightgboost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 03aea882aa08832e53ccfb267fe4b95c9ea4f24ea51ceeaaa4a85557e67ce15b Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...
CVE-2024-10084
CVE-2024-10084 affects the WordPress plugin Contact Form 7 – Dynamic Text Extension . The issue is a Basic Information Disclosure via the CF7_get_post_var shortcode, allowing authenticated attackers with Contributor-level access or higher to exfiltrate the titles and text contents of private or p...
CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the getimagealt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
WordPress Elementor plugin <= 3.24.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt function vulnerability
Authenticated Contributor+ Basic Information Exposure via getimagealt function vulnerability discovered by stealthcopter in WordPress Plugin Elementor Website Builder versions = 3.24.5...
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
CVE-2023-37134
A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-37134
A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-37134
A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...