7427 matches found

Patchstack
added 2025/08/05 10:58 p.m., 8 views

WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.4.8 - Authenticated (Author+) SQL Injection vulnerability

Authenticated (Author+) SQL Injection vulnerability discovered by Kenneth Billones in WordPress Plugin Filebird versions <= 6.4.8...

6.5 CVSS, 5.5 AI score, 0.00343 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/08/04 9:55 p.m., 6 views

WordPress Campus Directory plugin <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions <= 1.9.1...

6.4 CVSS, 3.7 AI score, 0.00223 EPSS
Exploits 0, References 1, Affected Software 1

Github Security Blog
added 2025/08/01 6:43 p.m., 16 views

@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers

Summary: A critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper...

9.4 CVSS, 8.4 AI score, 0.4617 EPSS
Exploits 4, References 8, Affected Software 1

RedhatCVE
added 2025/08/01 1:16 a.m., 19 views

CVE-2025-8217

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

5.1 CVSS, 7.4 AI score, 0.00184 EPSS
Exploits 1, References 1

OSSF Malicious Packages
added 2025/07/31 7:16 p.m., 5 views

Malicious code in support-developer (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

Patchstack
added 2025/07/30 3:4 p.m., 4 views

WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Abu Hurayra in WordPress Plugin Easy Elementor Addons versions <= 2.2.6...

6.5 CVSS, 6 AI score, 0.00164 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2025/07/30 3:1 p.m., 5 views

WordPress JetTabs Plugin plugin <= 2.2.9.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by stealthcopter in WordPress Plugin JetTabs versions <= 2.2.9.1...

6.5 CVSS, 6 AI score, 0.00202 EPSS
Exploits 0, Affected Software 1

OSV
added 2025/07/30 1:15 a.m., 2 views

CVE-2025-8217

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

5.1 CVSS, 5.8 AI score, 0.00184 EPSS
Exploits 1, References 3

NVD
added 2025/07/30 1:15 a.m., 42 views

CVE-2025-8217

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

5.1 CVSS, 0.00184 EPSS
Exploits 1, References 3

CVE
added 2025/07/30 12:34 a.m., 31 views

CVE-2025-8217

CVE-2025-8217 documents describe a vulnerability in the Amazon Q Developer VS Code extension. The v1.84.0 extension contains inert, injected code intended to call the Q Developer CLI, which executes when the extension is launched in VS Code, but the injected code has a syntax error that prevents ...

5.1 CVSS, 6.8 AI score, 0.00184 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/07/30 12:34 a.m., 10 views

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

5.1 CVSS, 6.7 AI score, 0.00184 EPSS
Exploits 1, References 3

CNNVD
added 2025/07/30 12:0 a.m., 6 views

Amazon Q Developer Visual Studio Code extension security vulnerability

Amazon Q Developer Visual Studio Code extension is an extension in VS Code from Amazon.com, USA. A security vulnerability exists in Amazon Q Developer Visual Studio Code extension version v1.84.0, which stems from a syntax error in the injected code that causes API calls to fail...

5.1 CVSS, 7 AI score, 0.00184 EPSS
Exploits 1, References 3

Positive Technologies
added 2025/07/30 12:0 a.m., 14 views

PT-2025-31362

Name of the Vulnerable Software and Affected Versions: Amazon Q Developer Visual Studio Code (VS Code) extension version 1.84.0. Description: The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains injected code intended to call the Q Developer CLI. This code executes upon extensi...

5.1 CVSS, 6.9 AI score, 0.00184 EPSS
Exploits 1, References 8

Patchstack
added 2025/07/28 9:8 p.m., 4 views

WordPress Fan Page plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Gilang in WordPress Plugin Fan Page versions <= 1.0.1...

6.4 CVSS, 5.3 AI score, 0.00174 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/07/28 12:49 p.m., 6 views

WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP REST Cache versions <= 2025.1.0...

7.5 CVSS, 6.7 AI score, 0.00417 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2025/07/25 12:0 a.m., 7 views

WordPress KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Theme <= 4.21.0 is vulnerable to Local File Inclusion

Software: KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme; Type: Theme; Vulnerable versions: <= 4.21.0; Fixed in: 4.22.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2025-6991; Patch priority: Low; CVSS severity: Low 7.5; Developer: EPC; PSID: 34bd1e68ee25; Credits: stealthcopt...

7.5 CVSS, 6.8 AI score, 0.00622 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2025/07/25 12:0 a.m., 6 views

WordPress WoodMart Theme <= 8.2.6 is vulnerable to Broken Access Control

Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.6; Fixed in: 8.2.7; OWASP Top 10: A3: Injection; Classification: Broken Access Control; CVE: CVE-2025-8097; Patch priority: Low; CVSS severity: Low 5.3; Developer: Xtemos; PSID: edd2e4c45666; Credits: Samir El Khaouti; Required privilege: Unauthenticated; Publish...

5.3 CVSS, 7.2 AI score, 0.00306 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2025/07/22 10:20 p.m., 5 views

WordPress Valuation Calculator plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Valuation Calculator versions <= 1.3.2...

6.4 CVSS, 5.5 AI score, 0.00235 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/07/21 10:2 p.m., 7 views

WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.7.2...

5.8 CVSS, 6.1 AI score, 0.00167 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2025/07/20 12:0 a.m., 4 views

RuoYi security vulnerability

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...

5.4 CVSS, 4.8 AI score, 0.0024 EPSS
Exploits 1, References 5