982 matches found
EUVD-2024-3277
Malicious code in bioql PyPI...
EUVD-2023-36475
Malicious code in bioql PyPI...
EUVD-2022-5735
Malicious code in bioql PyPI...
EUVD-2022-0813
Malicious code in bioql PyPI...
EUVD-2023-36294
Malicious code in bioql PyPI...
EUVD-2022-4100
Malicious code in bioql PyPI...
EUVD-2022-2227
Malicious code in bioql PyPI...
EUVD-2023-2356
Malicious code in bioql PyPI...
EUVD-2022-3963
Malicious code in bioql PyPI...
EUVD-2022-1752
Malicious code in bioql PyPI...
EUVD-2022-1956
Malicious code in bioql PyPI...
CVE-2025-9194
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
EUVD-2025-32249
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
CVE-2025-9194
CVE-2025-9194 concerns the WordPress plugin Constructor (versions up to 1.6.5). The issue is a missing capability check in the clean() function, enabling authenticated attackers with Subscriber-level access or higher to trigger a theme clean and modify data. Public sources (e.g., PT-2025-40485) n...
CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
WordPress plugin Constructor 安全漏洞
WordPress Constructor plugin is a framework for simplifying plugin development, mainly used to help developers quickly build and manage the plugin's components such as options pages, forms and custom fields. WordPress Constructor plugin suffers from a privilege issue vulnerability that stems from...
PT-2025-40485
Name of the Vulnerable Software and Affected Versions Constructor theme for WordPress versions prior to 1.6.6 Description The Constructor theme for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the clean function. Authenticated...
WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control
Software Constructor Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-9194 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6d9c8944054 Credits Sulabh Jain pentestmonkey11 Required...
Security update for mybatis, ognl
This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: Bug fixes: Improved performance under JDK 8. 2223 Version update to 3.5.8: List of changes: Avoid NullPointerException when mapping an empty string to java.lang.Character. 2368 Fixed an incorrect argument when...