1620 matches found
PT-2025-52547
Name of the Vulnerable Software and Affected Versions Flex Store Users plugin for WordPress versions prior to 1.1.1 Description The Flex Store Users plugin for WordPress is susceptible to privilege escalation. Unauthenticated attackers can register with the 'administrator' role during registratio...
WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions = 1.2.7...
CVE-2025-12673
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2025-12673
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2025-12673
CVE-2025-12673 affects the WordPress plugin Flex QR Code Generator (versions up to ≤ 1.2.6; notes also reference ≤ 1.2.7). The root cause is missing file type validation in update_qr_code(), enabling unauthenticated users to upload arbitrary files via the logo upload path. Attacks can store uploa...
CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
WordPress plugin Flex QR Code Generator 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
EUVD-2025-199367
Malicious code in eslint-config-kinvey-flex-service npm...
EUVD-2025-199128
Malicious code in kinvey-flex-scripts npm...
Malicious code in kinvey-flex-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191119 Malicious code in kinvey-flex-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199171
Malicious code in create-kinvey-flex-service npm...
Malicious code in create-kinvey-flex-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f134df78210871fbeb0ee41ee973c4622f7c2f19cde796751a63da45cba75 The package create-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191083 Malicious code in create-kinvey-flex-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f134df78210871fbeb0ee41ee973c4622f7c2f19cde796751a63da45cba75 The package create-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...
Malicious code in babel-preset-kinvey-flex-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95227fb68cd76580469df042e11e087ac694eaf2d50c6ac95514edcaee6056a4 The package babel-preset-kinvey-flex-service was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199175
Malicious code in babel-preset-kinvey-flex-service npm...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198890
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...