68 matches found
PT-2026-49413
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...
CVE-2026-8143 Booking Calendar – Event Calendar <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hbcountryiso', 'hbusastateiso', and 'hbcanadaprovinceiso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin HBook cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by babyhack@OPCIA in WordPress Plugin Contact Form Extender for Divi Save Entries, File Upload & Country Code Field versions = 1.0.6...
CVE-2026-0119
Summary: CVE-2026-0119 involves an out-of-bounds write caused by memory corruption in the function usim_SendMCCMNCIndMsg within usim_Registration.c. The vulnerability can enable a physical escalation of privilege with no additional execution privileges required and no user interaction needed. The...
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27637)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. A cross-site scripting vulnerability exists in IPFire that stems from the COUNTRYCODE parameter not being properly cleaned and encoded, which can be exploited by an attacker to...
CVE-2025-34301
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
CVE-2025-34301
IPFire R2 (before 2.29 Core Update 198) is vulnerable to stored XSS via the COUNTRY_CODE parameter when creating a location group. An authenticated attacker can supply malicious JavaScript in COUNTRY_CODE, which is stored and later rendered in the web interface without proper sanitization/encodin...
CVE-2025-34301 IPFire < v2.29 Stored XSS via Location Group Creation
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
EUVD-2025-36517
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
PT-2025-44160
Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire is affected by a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code into the COUNTRY CODE parameter when creating a location...
EUVD-2023-52856
Malicious code in bioql PyPI...
EUVD-2025-27291
Malicious code in bioql PyPI...
EUVD-2023-52869
Malicious code in bioql PyPI...
EUVD-2023-52868
Malicious code in bioql PyPI...
CVE-2025-57087
Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...