29 matches found
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
CVE-2025-11600
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...
CVE-2025-27461
During startup, the device automatically logs in the EPC2 Windows user without requesting a password...
CVE-2025-31104
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker...
CVE-2025-5531
CVE-2025-5531 – The WordPress plugin “Employee Directory – Staff Listing & Team Directory” is affected by a Stored Cross-Site Scripting (Stored XSS) via the emd_mb_meta shortcode, in all versions up to 4.5.0. The root cause is insufficient input sanitization and output escaping on user-supplied a...
CVE-2024-3703
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embedded, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks...
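The two WordPress entries above (CVE-2025-5531 and CVE-2024-3703) describe the same defect class: a shortcode handler echoes attributes that a privileged author stored in a post without escaping them for the HTML context they land in. The block below is an added illustration of that pattern and its fix; it is not code from either plugin. The shortcode name `demo_staff`, the handler names and the `title`/`link` attributes are hypothetical; `shortcode_atts`, `add_shortcode`, `esc_attr`, `esc_url` and `esc_html` are the real WordPress functions.

```php
<?php
// Added example (hypothetical plugin code, not from the advisories above):
// a shortcode whose attributes are saved in post content by a user with
// edit rights and rendered for every visitor who views the post.

// Vulnerable form: attribute values are concatenated straight into markup.
// A post containing [demo_staff title='"><img src=x onerror=alert(1)>']
// stores a payload that executes in each visitor's browser.
function demo_staff_shortcode_vulnerable($atts) {
    $atts = shortcode_atts(array('title' => '', 'link' => ''), $atts, 'demo_staff');
    return '<div class="staff" title="' . $atts['title'] . '">'
         . '<a href="' . $atts['link'] . '">' . $atts['title'] . '</a></div>';
}

// Hardened form: escape on output, choosing the escaper for the sink.
//   esc_attr() for HTML attribute values,
//   esc_url()  for href/src (also rejects javascript: and other bad schemes),
//   esc_html() for text between tags.
// This is the "output escaping" both advisories report as missing, and it
// holds regardless of how the value was sanitized when the post was saved.
function demo_staff_shortcode_fixed($atts) {
    $atts = shortcode_atts(array('title' => '', 'link' => ''), $atts, 'demo_staff');
    return '<div class="staff" title="' . esc_attr($atts['title']) . '">'
         . '<a href="' . esc_url($atts['link']) . '">' . esc_html($atts['title']) . '</a></div>';
}

add_shortcode('demo_staff', 'demo_staff_shortcode_fixed');
```

When triaging entries like these, note the privilege level named in the summary: on a single-site WordPress install the Editor and Administrator roles already hold the `unfiltered_html` capability and can place raw script in posts anyway, so an "Editor and above" stored XSS mainly matters on multisite (where only super admins have that capability) or where `unfiltered_html` has been removed. A Contributor-level or unauthenticated path is a materially different severity.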
CVE-2020-27258
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth...
CVE-2010-2019
SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2025-47935
creation_timestamp | type | source
---|---|---
2025-05-19 17:28:32+00:00 | seen | https://bsky.app/profile/ulisesgascon.com/post/3lpk3uxh4c22q
2025-05-19 19:39:12+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16918
2025-05-19 21:13:11+00:00 | seen | ...
CVE-2025-3851
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2025-46827
Graylog has a vulnerability (CVE-2025-46827) where an HTML form in an Event Definition Remediation Step can leak user session cookies if an attacker has create-event-definition rights and the victim can view alerts, with an active input to receive form data. Affected versions are before 6.0.14, 6...
CVE-2025-45617
Incorrect access control in the component /user/list of productionssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload...
CVE-2025-22018
creation_timestamp | type | source
---|---|---
2025-04-16 06:48:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmvyq6oj6e2a
2025-04-16 10:10:34+00:00 | seen | https://t.me/cvedetector/23055
2025-04-20 10:07:40+00:00 | seen | https://bsky.app/profile/omo.bsky.social/post/3lnafpwdvic2b...
WordPress Nova Blocks by Pixelgrade plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nova Blocks versions <= 2.1.8...
CVE-2025-26604
Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submitted code execution, this allows users to execute potentially malicious code to perform damage or extract...
CVE-2024-57668
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability...
CVE-2024-39608
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...
CVE-2024-13295 Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection. This issue affects Node export: from 7.X- before 7.X-3.3...
CVE-2024-56366
PhpSpreadsheet contains an unauthorized reflected XSS in Accounting.php via the currency parameter. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The vulnerability can be triggered using the samples/Wizards/NumberFormat/Accounting.php script (PoC shown in the referenced material...
CVE-2024-56585
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 "LoongArch: Fix sleeping in atomic context in setup_tlb_handler" changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node. However, for...