Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

EUVD-2021-33480

Malicious code in bioql PyPI...

WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Nest Addons versions = 1.6.3...

WordPress Blogvy Theme <= 1.0.7 is vulnerable to Local File Inclusion

Software Blogvy Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49279 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 32ad01b31638 Credits Le Ngoc Anh Required privilege Unauthenticated...

WordPress Lesya Theme <= 1.7.2 is vulnerable to Local File Inclusion

Software Lesya Type Theme Vulnerable versions = 1.7.2 Fixed in 1.7.3 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID b9712c5f2cb9 Credits Bonds Required privilege Unauthenticated Published ...

WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions = 3.2.0...

WordPress Vehica Core plugin <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Vehica Core versions = 1.0.97...

WordPress Import Export Suite for CSV and XML Datafeed plugin <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Ultimate CSV Importer versions = 7.19...

WordPress Time Clock Pro Plugin <= 1.1.4 is vulnerable to Remote Code Execution (RCE)

Software Time Clock Pro Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-9593 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 9837dd0a77ff Credits István Márton Required privilege...

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...

WordPress Charitable Plugin <= 1.8.1.14 is vulnerable to Privilege Escalation

Software Charitable Type Plugin Vulnerable versions = 1.8.1.14 Fixed in 1.8.1.15 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8791 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04c66e8c147c Credits wesley...

WordPress Media.net Ads Manager Plugin <= 2.10.13 is vulnerable to Arbitrary File Upload

Software Media.net Ads Manager Type Plugin Vulnerable versions = 2.10.13 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6431 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 89eb205a9ac8 Credits István Márton Required privilege...

Intel® System Support Utility for Windows* Advisory

Summary: A potential security vulnerability in Intel® System Support Utility for Windows may allow an escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-0088 Description: Insufficient path checking in Intel...