EUVD-2026-31014

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action action=delete via a GET request without any wpverifynonce /...

EUVD-2020-5995

Malware in sbrugna...

Code injection

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

CVE-2020-13778

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

CVE-2020-13778

CVE-2020-13778 concerns rConfig (open source network device configuration utility). Affected are rConfig versions 3.9.4 and earlier. The root cause is remote code execution: an authenticated attacker can trigger system command execution by sending a forged GET request to lib/ajaxHandlers/ajaxAddT...