15 matches found
EUVD-2025-29411
Malicious code in bioql PyPI...
EUVD-2025-11996
Malicious code in bioql PyPI...
CVE-2025-46512
Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin custom-functions allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through <= 1.1...
WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Custom Functions Plugin versions <= 1.1...
CVE-2025-46512
CVE-2025-46512 describes a CSRF to Stored XSS vulnerability in Shamim Hasan Custom Functions Plugin (WordPress) affecting versions from n/a through 1.1. The CVSSv3.1 base score is 7.1 (HIGH) with network attack vector, requiring user interaction. Affected component is the Custom Functions Plugi...
CVE-2025-46512 WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin custom-functions allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through <= 1.1...
PT-2025-17818 · Unknown · Shamim Hasan Custom Functions Plugin
Name of the Vulnerable Software and Affected Versions: Shamim Hasan Custom Functions Plugin versions 1.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For Shamim Hasan Custom Functions Plugin versions 1.1 and earlier...
WordPress plugin Custom Functions Plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
GHSA-PXW4-94J3-V9PF SurrealDB CPU exhaustion via custom functions result in total DoS
SurrealDB allows authenticated users with OWNER or EDITOR permissions at the root, database or namespace levels to define their own database functions using the DEFINE FUNCTION statement. A custom database function comprises a name together with a function body. In the function body, the user...
SurrealDB CPU exhaustion via custom functions result in total DoS
SurrealDB allows authenticated users with OWNER or EDITOR permissions at the root, database or namespace levels to define their own database functions using the DEFINE FUNCTION statement. A custom database function comprises a name together with a function body. In the function body, the user...
PT-2023-15514 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
Input validation
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due t...
Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?
Shortly after Microsoft announced support for custom JavaScript functions in Excel, someone demonstrated what could possibly go wrong if this feature is abused for malicious purposes. As promised last year at Microsoft's Ignite 2017 conference, the company has now brought custom JavaScript...
Unauthorized Access Backdoor found in D-Link router Firmware Code
A number of D-Link routers reportedly have an issue that makes them susceptible to unauthorized backdoor access. The researcher Craig, who specializes in embedded device hacking, demonstrated the presence of a backdoor within some D-Link routers that allows an attacker to access the administratio...