CVE-2024-34567

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29...

EUVD-2025-12086

Malicious code in bioql PyPI...

EUVD-2025-5411

Malicious code in bioql PyPI...

EUVD-2024-30494

Malicious code in bioql PyPI...

EUVD-2025-14847

Malicious code in bioql PyPI...

EUVD-2024-28366

Malicious code in bioql PyPI...

EUVD-2024-34870

Malicious code in bioql PyPI...

EUVD-2024-26907

Malicious code in bioql PyPI...

EUVD-2024-42548

Malicious code in bioql PyPI...

EUVD-2025-8802

Malicious code in bioql PyPI...

EUVD-2025-5396

Malicious code in bioql PyPI...

CVE-2025-57966

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Gallery Lightbox gallery-lightbox-slider allows Stored XSS.This issue affects Gallery Lightbox: from n/a through = 1.0.0.41...

PT-2025-38816

Name of the Vulnerable Software and Affected Versions GhozyLab Gallery Lightbox versions through 1.0.0.41 Description The software contains a flaw due to improper input handling during web page creation, leading to a Cross-site Scripting XSS issue. Specifically, the vulnerability allows for Store...

CVE-2024-30445

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10...

CVE-2024-29933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10...

CVE-2024-32707

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125...

CVE-2025-46230

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GhozyLab Popup Builder easy-notify-lite allows PHP Local File Inclusion.This issue affects Popup Builder: from n/a through = 1.1.35...

CVE-2025-46230

CVE-2025-46230 affects WordPress Popup Builder (plugin) up to version 1.1.35. The vulnerability is an improper filename control in PHP Include/Require (Local File Inclusion). Impact per sources is high (C/VSS metrics), enabling potential arbitrary file access via LFI. Remediation: upgrade to a fi...

PT-2025-17758 · Unknown · Ghozylab Popup Builder

Name of the Vulnerable Software and Affected Versions: GhozyLab Popup Builder versions 1.1.35 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

CVE-2025-31586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Gallery – Photo Albums Plugin easy-media-gallery allows Stored XSS.This issue affects Gallery – Photo Albums Plugin: from n/a through = 1.3.170...