CVE-2018-1000198

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document...

CVE-2018-1000190

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

CVE-2025-62931 WordPress MSN Partner Hub plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through = 2.9...

WordPress plugin MSN Partner Hub 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2022-3225

Malicious code in bioql PyPI...

EUVD-2024-50593

Malicious code in bioql PyPI...

EUVD-2022-1920

Malicious code in bioql PyPI...

CVE-2025-8487

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-lev...

CVE-2025-8487 Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-lev...

CVE-2025-8487

CVE-2025-8487 affects Kubio AI Page Builder for WordPress up to version 2.6.3. The vulnerability is caused by a missing capability check on the kubio-image-hub-install-plugin AJAX action, enabling authenticated users with Subscriber-level access and above to install the Image Hub plugin. Exploita...

PT-2025-38508

Name of the Vulnerable Software and Affected Versions Kubio AI Page Builder plugin for WordPress versions up to and including 2.6.3 Description The Kubio AI Page Builder plugin for WordPress is susceptible to unauthorized plugin installation due to a missing capability check on the...

CVE-2024-13683

The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automatehub' page. This makes it possible for unauthenticated attackers to update an...

CVE-2024-12099

The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2018-1000197

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration...

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +31 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=4.1.2 <=4.5.2)

flask-appbuilder PYPI version =4.1.2, =0.10.5.2rc3, =0.2.1, =0.8.2, =0.3.1, =0.0.4, =0.0.1a0, =2.3.3, =1.0.0, =1.0.0rc1, =1.0.2, =1.0.0rc1, =1.8.1rc1 and more Source cves: CVE-2025-24023 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-9058045...

PT-2024-17437 · WordPress · Dollie Hub – Build Your Own Wordpress Cloud Platform

Name of the Vulnerable Software and Affected Versions: Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress versions up to, and including, 6.2.0 Description: The issue concerns insufficient restrictions on which posts can be included via the elementor-template shortcode. This...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Libsyn Libsyn Publisher Hub plugin = 1.4.4 versions...

CVE-2023-45835 WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Libsyn Libsyn Publisher Hub plugin = 1.4.4 versions...

Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)

https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

MAL-2022-957 Malicious code in amazon-s3-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4ca6ae6edf3790eb5efb9ad36e153e033bf826c074090d9d9cb473b1c56b5d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...