151 matches found
CVE-2025-12270
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/assignmentid/tasks/taskid/subfile of the component Student Assignment Submission Handler. This manipulation causes improper...
EUVD-2020-14291
Malware in sbrugna...
EUVD-2018-13103
Malware in sbrugna...
EUVD-2019-9327
Malware in sbrugna...
EUVD-2021-19397
Malware in sbrugna...
EUVD-2018-6366
Malware in sbrugna...
EUVD-2019-18293
Malware in sbrugna...
EUVD-2025-24143
Malicious code in bioql PyPI...
EUVD-2024-25836
Malicious code in bioql PyPI...
EUVD-2025-29027
Malicious code in bioql PyPI...
EUVD-2022-43370
Malicious code in bioql PyPI...
PT-2025-38115
Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.29 Description: The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to Remote Code Execution due to the write to customfile function...
CVE-2025-8575
CVE-2025-8575 concerns the LWS Cleaner WordPress plugin (versions up to and including 2.4.1.3). The vulnerability is an authenticated (Administrator+) arbitrary file deletion via the lws_cl_delete_file function, enabling an attacker with admin rights to delete server files (potentially enabling r...
CVE-2025-8575 LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lwscldeletefile' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
PT-2025-36371
Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A cross site scripting issue exists in Campcodes Grocery Sales and Inventory System version 1.0. The issue is located in an unknown function of the file /index.php...
CVE-2025-9937
A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited...
Directory Traversal
Overview kwik is a Fast, batteries-included, business-oriented, opinionated REST APIs framework Affected versions of this package are vulnerable to Directory Traversal via the kwik.utils.files.storefile function due to improper validation of directory containment in the file upload helper, which...
CVE-2025-9731
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...
Linux Distros Unpatched Vulnerability : CVE-2022-46457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NASM v2.16 was discovered to contain a segmentation violation in the component ieeewritefile at /output/outieee.c. CVE-2022-46457 Note that Nessus relies on the...
CVE-2025-5391
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...