Lucene search
K

1620 matches found

Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.7 views

PT-2025-52547

Name of the Vulnerable Software and Affected Versions Flex Store Users plugin for WordPress versions prior to 1.1.1 Description The Flex Store Users plugin for WordPress is susceptible to privilege escalation. Unauthenticated attackers can register with the 'administrator' role during registratio...

9.8CVSS6.4AI score0.00317EPSS
Exploits0References11
Patchstack
Patchstack
added 2025/12/08 6:45 a.m.19 views

WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions = 1.2.7...

9.8CVSS5.3AI score0.00631EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.10 views

CVE-2025-12673

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS6.6AI score0.00631EPSS
Exploits1References1
NVD
NVD
added 2025/12/06 6:15 a.m.8 views

CVE-2025-12673

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS0.00631EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.6 views

CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS6.5AI score0.00631EPSS
Exploits1References5
CVE
CVE
added 2025/12/06 5:49 a.m.25 views

CVE-2025-12673

CVE-2025-12673 affects the WordPress plugin Flex QR Code Generator (versions up to ≤ 1.2.6; notes also reference ≤ 1.2.7). The root cause is missing file type validation in update_qr_code(), enabling unauthenticated users to upload arbitrary files via the logo upload path. Attacks can store uploa...

9.8CVSS6.6AI score0.00631EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/06 5:49 a.m.27 views

CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS0.00631EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/06 12:0 a.m.10 views

WordPress plugin Flex QR Code Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.8CVSS6.8AI score0.00631EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/25 12:16 a.m.5 views

EUVD-2025-199367

Malicious code in eslint-config-kinvey-flex-service npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 11:3 p.m.4 views

EUVD-2025-199128

Malicious code in kinvey-flex-scripts npm...

6.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 11:3 p.m.6 views

Malicious code in kinvey-flex-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 11:3 p.m.4 views

MAL-2025-191119 Malicious code in kinvey-flex-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 10:51 p.m.2 views

EUVD-2025-199171

Malicious code in create-kinvey-flex-service npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 10:51 p.m.6 views

Malicious code in create-kinvey-flex-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f134df78210871fbeb0ee41ee973c4622f7c2f19cde796751a63da45cba75 The package create-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 10:51 p.m.4 views

MAL-2025-191083 Malicious code in create-kinvey-flex-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f134df78210871fbeb0ee41ee973c4622f7c2f19cde796751a63da45cba75 The package create-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 10:50 p.m.6 views

Malicious code in babel-preset-kinvey-flex-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95227fb68cd76580469df042e11e087ac694eaf2d50c6ac95514edcaee6056a4 The package babel-preset-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 10:50 p.m.4 views

EUVD-2025-199175

Malicious code in babel-preset-kinvey-flex-service npm...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2025/11/24 8:33 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 8:33 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 6:31 p.m.7 views

EUVD-2025-198890

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

6AI score0.00161EPSS
Exploits0References4
Rows per page
Query Builder