979 matches found
EUVD-2022-5735
Malicious code in bioql PyPI...
EUVD-2023-36294
Malicious code in bioql PyPI...
EUVD-2022-4100
Malicious code in bioql PyPI...
EUVD-2022-2227
Malicious code in bioql PyPI...
EUVD-2022-3963
Malicious code in bioql PyPI...
EUVD-2023-2356
Malicious code in bioql PyPI...
EUVD-2022-1752
Malicious code in bioql PyPI...
EUVD-2022-1956
Malicious code in bioql PyPI...
CVE-2025-9194
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
EUVD-2025-32249
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
CVE-2025-9194
CVE-2025-9194 concerns the WordPress plugin Constructor (versions up to 1.6.5). The issue is a missing capability check in the clean() function, enabling authenticated attackers with Subscriber-level access or higher to trigger a theme clean and modify data. Public sources (e.g., PT-2025-40485) n...
WordPress plugin Constructor security vulnerability
WordPress Constructor plugin is a framework for simplifying plugin development, mainly used to help developers quickly build and manage the plugin's components such as options pages, forms and custom fields. WordPress Constructor plugin suffers from a privilege issue vulnerability that stems from...
PT-2025-40485
Name of the Vulnerable Software and Affected Versions Constructor theme for WordPress versions prior to 1.6.6 Description The Constructor theme for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the clean function. Authenticated...
WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control
Software Constructor Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-9194 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6d9c8944054 Credits Sulabh Jain pentestmonkey11 Required...
Security update for mybatis, ognl
This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: Bug fixes: Improved performance under JDK 8. 2223 Version update to 3.5.8: List of changes: Avoid NullPointerException when mapping an empty string to java.lang.Character. 2368 Fixed an incorrect argument when...
SUSE-SU-2025:03285-1 Security update for mybatis, ognl
This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: Bug fixes: + Improved performance under JDK 8. 2223 Version update to 3.5.8: List of changes: + Avoid NullPointerException when mapping an empty string to java.lang.Character. 2368 + Fixed an incorrect argument whe...
CVE-2023-53337
In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty called from nilfs_segctor_do_construct outputs a warning with some patterns after nilfs2 detects metadata corruption and...
PT-2025-39075
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description A remote code execution issue exists in the CustomMCP node, which allows users to input configuration settings for connecting to an external Model Context Protocol (MCP) server. The node parses the...