CVE-2025-13845

CVE-2025-13845 affects Schneider Electric EcoStruxure Power Build Rapsody. The Red Hat/NVD entries and Schneider Electric communications describe a CWE-416 Use After Free vulnerability (also noted as a Double Free in some sources) that could allow remote code execution when an end user imports a ...

EUVD-2026-2720

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...

EUVD-2022-42753

Malicious code in bioql PyPI...

EUVD-2025-25033

Malicious code in bioql PyPI...

EUVD-2022-42721

Malicious code in bioql PyPI...

WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability

Sensitive Information via Imported File vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.26.8...

PT-2023-14183 · WordPress · Custom Field Template

Name of the Vulnerable Software and Affected Versions: Custom Field Template WordPress plugin versions prior to 2.5.8 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a...

WordPress Ocean Extra Plugin < 2.0.5 PHP Objection Injection Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

Design/Logic Flaw

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

PT-2022-21856 · WordPress · Ocean Extra

Name of the Vulnerable Software and Affected Versions: Ocean Extra WordPress plugin versions prior to 2.0.5 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a malicious...

PT-2022-21871 · WordPress · Customizer Export/Import

Name of the Vulnerable Software and Affected Versions: Customizer Export/Import WordPress plugin versions prior to 0.9.5 Description: The issue arises from the plugin unserializing the content of an imported file, potentially leading to PHP object injection issues when a malicious file is importe...

WordPress plugin Ocean Extra 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

Hipchat Server Arbitrary Code Execution Vulnerability

Hipchat Server is a set of team chat tools that supports group and 1-to-1 voice and video chat with screen sharing. A security vulnerability exists in Hipchat Server versions prior to 2.2.3. A remote attack could exploit the vulnerability to execute arbitrary code via an imported file...