97 matches found
EUVD-2014-4509
Malware in sbrugna...
EUVD-2025-27824
Malicious code in bioql PyPI...
EUVD-2025-2737
Malicious code in bioql PyPI...
CVE-2025-32293
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection. This issue affects Finance Consultant: from n/a through <= 2.8...
CVE-2025-32293 WordPress Finance Consultant theme <= 2.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection. This issue affects Finance Consultant: from n/a through <= 2.8...
CVE-2025-32293
CVE-2025-32293 : Designthemes Finance Consultant (WordPress Theme)
PT-2025-22695 · Designthemes · Designthemes Finance Consultant
Name of the Vulnerable Software and Affected Versions: designthemes Finance Consultant versions through 2.8 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions through 2.8, update to a version that fixes the...
WordPress plugin Finance Consultant Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress Finance Consultant theme <= 2.8 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Finance Consultant versions <= 2.8...
What to Expect When You’re Convicted
When a formerly incarcerated “troubleshooter for the mafia” looked for a second career he chose the thing he knew best. He became a prison consultant for white-collar criminals...
CVE-2025-22337
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in infosoftplugin Order Audit Log for WooCommerce order-audit-log-for-woocommerce allows Reflected XSS. This issue affects Order Audit Log for WooCommerce: from n/a through <= 2.0...
CVE-2025-22337 WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in infosoftplugin Order Audit Log for WooCommerce order-audit-log-for-woocommerce allows Reflected XSS. This issue affects Order Audit Log for WooCommerce: from n/a through <= 2.0...
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...
Exploit for Path Traversal in Thruk
Thruk-CVE-2023-34096 Thruk Monitoring Web Interface versions...
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Vulnerability
Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Version: =10.0.0 and 10.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
Update now! GoAnywhere MFT zero-day patched
An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
Researcher Spotlight: Globetrotting with Yuri Kramarz
From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference an...
Broken Authorization in ZITADEL Actions
Impact: Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature where users with role ORGOWNER are able to create JavaScript code, which is invoked by the system at certain points during the login. Actions, for example, allow creating authorizations user grants on...