21 matches found
EUVD-2025-27169
Malicious code in bioql PyPI...
EUVD-2025-27170
Malicious code in bioql PyPI...
EUVD-2025-27168
Malicious code in bioql PyPI...
CVE-2025-9113
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-9112
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccuretempfileuploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to...
CVE-2025-9114
CVE-2025-9114 affects the Doccure WordPress theme. Versions up to and including 1.4.8 are vulnerable due to user-controlled access to objects that bypasses authorization, enabling unauthenticated attackers to change user passwords and potentially take over administrator accounts. The issue has a ...
CVE-2025-9114 Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-9113 Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-9113 Doccure <= 1.4.8 - Unauthenticated Arbitrary File Upload
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2025-9113
CVE-2025-9113 concerns the Doccure WordPress theme. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the doccure_temp_upload_to_media function, affecting all versions up to and including 1.4.8. Consequence: potential remote code execution on the...
CVE-2025-9112 Doccure <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccuretempfileuploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to...
CVE-2025-9112 Doccure <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccuretempfileuploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to...
PT-2025-36494
Name of the Vulnerable Software and Affected Versions: Doccure theme for WordPress versions through 1.4.8
Description: The Doccure theme for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the doccure temp upload to media function. This flaw...
PT-2025-36495
Name of the Vulnerable Software and Affected Versions: Doccure versions prior to 1.4.9
Description: The Doccure theme for WordPress is susceptible to unauthorized modification of user passwords. This occurs because the plugin allows user-controlled access to objects, enabling bypass of...
WordPress Doccure Theme <= 1.4.8 is vulnerable to Arbitrary File Upload
Software: Doccure; Type: Theme; Vulnerable versions: <= 1.4.8; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-9112; Patch priority: High; CVSS severity: High 9.9; PSID: 66ae90b5e147; Credits: István Márton; Required privilege: Subscriber; Publish...
WordPress Doccure Theme <= 1.4.8 is vulnerable to Broken Authentication
Software: Doccure; Type: Theme; Vulnerable versions: <= 1.4.8; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-9114; Patch priority: High; CVSS severity: High 9.8; PSID: ed52533a6b26; Credits: István Márton...
WordPress Doccure Theme <= 1.4.8 is vulnerable to Arbitrary File Upload
Software: Doccure; Type: Theme; Vulnerable versions: <= 1.4.8; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-9113; Patch priority: High; CVSS severity: High 10; PSID: a390d4c607ad; Credits: István Márton; Required privilege: Unauthenticated...