83 matches found
CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...
PT-2025-44010
Name of the Vulnerable Software and Affected Versions Pi-hole Admin Interface versions prior to 6.3 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting XSS issue. This...
Photon OS 4.0: Mysql PHSA-2025-4.0-0894
An update of the mysql package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0894. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
DLA-4332-1 distro-info-data - database update
Bulletin has no description...
EUVD-2021-0625
Malware in sbrugna...
EUVD-2017-12024
Malware in sbrugna...
EUVD-2025-32129
Malicious code in bioql PyPI...
Malicious code in database-update-send-email (npm)
The package database-update-send-email was found to contain malicious code...
MAL-2025-17996 Malicious code in database-update-send-email (npm)
The package database-update-send-email was found to contain malicious code...
KB5063760 - Description of the security update for SQL Server 2017 GDR: August 12, 2025
KB5063760 - Description of the security update for SQL Server 2017 GDR: August 12, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains fix...
DLA-4266-1 distro-info-data - database update
Bulletin has no description...
CVE-2025-48264 WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability
Cross-Site Request Forgery CSRF vulnerability in artiosmedia Product Code for WooCommerce product-code-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Code for WooCommerce: from n/a through = 1.5.0...
CVE-2025-48264
CVE-2025-48264 : WordPress plugin Product Code for WooCommerce has a CSRF-to-database-update vulnerability affecting versions
CVE-2025-48264 WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability
Cross-Site Request Forgery CSRF vulnerability in artiosmedia Product Code for WooCommerce product-code-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Code for WooCommerce: from n/a through = 1.5.0...
Securing WiFi Fingerprint-Based Indoor Localization Systems from Malicious Access Points
WiFi fingerprint-based indoor localization schemes deliver highly accurate location data by matching the received signal strength indicator RSSI with an offline database using machine learning ML or deep learning DL models. However, over time, RSSI values degrade due to the malicious behavior of...
DLA-4138-1 distro-info-data - database update
Bulletin has no description...
CVE-2024-10664 Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update
The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepressdbpostsupdate function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated...
WordPress BasePress Docs plugin <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update vulnerability
Missing Authorization to Authenticated Subscriber+ Database Update vulnerability discovered by BrokenAC ignore in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.16.3.3...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20241104T154416 2024-11-04T15:44:16Z. Refs jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2024-3233 CVE-2024-46872 GHSA-762g-9p7f-mrww GO-2024-3234 CVE-2024-47401 GHSA-762v-rq7q-ff9...
SportsNET SQL Injection Vulnerability (CNVD-2024-37600)
SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...