PT-2025-45071

Name of the Vulnerable Software and Affected Versions AI Engine plugin for WordPress versions prior to 3.1.4 AI Engine versions 2.8.x and 2.9.x prior to 2.9.5 Description The AI Engine plugin for WordPress has a Sensitive Information Exposure issue via the /mcp/v1/ REST API endpoint. When the...

EUVD-2005-0299

Malware in sbrugna...

EUVD-2003-1039

Malware in sbrugna...

EUVD-2021-16119

Malware in sbrugna...

EUVD-2019-0165

Malware in sbrugna...

EUVD-2005-3581

Malware in sbrugna...

EUVD-2018-10370

Malware in sbrugna...

EUVD-2013-0308

Malware in sbrugna...

EUVD-2010-0878

Malware in sbrugna...

EUVD-2007-4519

Malware in sbrugna...

EUVD-2022-2716

Malicious code in bioql PyPI...

EUVD-2024-41409

Malicious code in bioql PyPI...

EUVD-2022-33715

Malicious code in bioql PyPI...

EUVD-2022-40030

Malicious code in bioql PyPI...

CVE-2025-4573 LDAP Injection in Mattermost Enterprise Edition When Using Active Directory

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

CVE-2025-43715

Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...

CVE-2025-32205

CVE-2025-32205 concerns Piotnet Forms. A path traversal issue affects Piotnet Forms versions from any earlier release up to 1.0.30. The vulnerability is currently listed as Unpatched in Wordfence/related sources, with a CVSS v3.1 base score of 2.7 (LOW). No exploitation details are provided in th...

CVE-2025-3169

CVE-2025-3169 affects Projeqtor up to 12.0.2. The vulnerability resides in the file /tool/saveAttachment.php where manipulating the attachmentFiles parameter enables unrestricted uploads. It can be triggered remotely, with attack complexity rated as high; exploitation is known to be difficult and...

Metasploit 2024 Annual Wrap-Up

Another year has come and gone, and the Metasploit team has taken some time to review the year’s notable additions. This year saw some great new features added, Metasploit 6.4 released and a slew of new modules. We’re grateful to the community members new and old that have submitted modules and...

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

...