8823 matches found
EUVD-2025-24744
Malicious code in bioql PyPI...
EUVD-2025-31581
Malicious code in bioql PyPI...
EUVD-2025-7942
Malicious code in bioql PyPI...
EUVD-2025-8466
Malicious code in bioql PyPI...
EUVD-2025-27811
Malicious code in bioql PyPI...
How to Find Local File Inclusion (LFI) Vulnerabilities in WordPress Plugins and Themes
Local File Inclusion (LFI) occurs when user-controlled input is used to build a path to a file that is then included by the application. In WordPress, and PHP web applications in general, this means values from $_GET, $_POST, $_REQUEST, or other user-controlled sources end up in the include, require,...
CVE-2025-59940
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8. Mitigation: Mitigation for this issue is either not available or the...
CVE-2025-59940
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...
CVE-2025-59940 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...
Improper Neutralization of Escape Characters
Overview: mkdocs-include-markdown-plugin is a Mkdocs Markdown includer plugin. Affected versions of this package are vulnerable to Improper Neutralization of Escape Characters in the placeholder substitution process. An attacker can cause unintended modifications to output or disrupt application...
GHSA-V39M-5M9J-M9W9 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact: CWE-20: Improper Input Validation. Low impact. Patches: Patched in v7.1.8, commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915. Workarounds: No...
aiagents4pharma (>=1.3.0 <=1.48.1), aiagents4pharma-ansh (=0.0.0) +11 more potentially affected by CVE-2025-59940 via mkdocs-include-markdown-plugin (>=3.8.1 <=7.1.7)
mkdocs-include-markdown-plugin PYPI version =3.8.1, =1.3.0, =0.7.0, =2025.9.131446, =0.5.17, =0.1.0, =0.0.4, =2023.6.1, =0.0.130, =0.1.0, =0.1.1 Source cves: CVE-2025-59940 Source advisory: OSV:GHSA-V39M-5M9J-M9W9...
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact: CWE-20: Improper Input Validation. Low impact. Patches: Patched in v7.1.8, commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915. Workarounds: No...
CVE-2025-60150
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through = 2.0.9...
CVE-2025-60153
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through = 1.1.5...
CVE-2025-60126
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through = 3.5.8.6...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ucl_include_common function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function. Remediation: A fix was pushed into the master branch but not y...
CVE-2025-11010
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the...