WordPress Career Section plugin <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Ivan Cese in WordPress Plugin Career Section versions = 1.6...

WordPress The Bucketlister plugin <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes vulnerability

Authenticated Contributor+ SQL Injection via category and id Shortcode Attributes vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

WordPress PDF Resume Parser plugin <= 1.0 - Unauthenticated Sensitive Information Disclosure in SMTP Credentials vulnerability

Unauthenticated Sensitive Information Disclosure in SMTP Credentials vulnerability discovered by Ivan Cese in WordPress Plugin PDF Resume Parser versions = 1.0...

WordPress ProjectList plugin <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter vulnerability

Authenticated Editor+ SQL Injection via 'id' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin ProjectList versions = 0.3.0...

WordPress Simple User Import Export plugin <= 1.1.7 - Authenticated (Admin+) CSV Injection vulnerability

Authenticated Admin+ CSV Injection vulnerability discovered by Ivan Cese in WordPress Plugin Simple User Import Export versions = 1.1.7...

WordPress Top Friends plugin <= 0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Ivan Cese in WordPress Plugin Top Friends versions = 0.3...

WordPress Local Syndication plugin <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability

Authenticated Contributor+ Server-Side Request Forgery via Shortcode vulnerability discovered by Ivan Cese in WordPress Plugin Local Syndication versions = 1.5a...

WordPress CSV to SortTable plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions = 4.2...

EUVD-2018-13122

Malware in sbrugna...

EUVD-2018-13123

Malware in sbrugna...

EUVD-2007-2671

Malware in sbrugna...

EUVD-2018-13143

Malware in sbrugna...

EUVD-2007-2068

Malware in sbrugna...

EUVD-2018-13142

Malware in sbrugna...

EUVD-2025-26894

Malicious code in bioql PyPI...

EUVD-2024-52549

Malicious code in bioql PyPI...

USN-7787-1 libxslt vulnerabilities

Ivan Fratric discovered that Libxslt did not correctly handle certain memory operations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

CVE-2018-20568

Administrator/index.php in Ivan Cordoba Generic Content Management System CMS through 2018-04-28 allows SQL injection for authentication bypass...

CVE-2018-20569

user/index.php in Ivan Cordoba Generic Content Management System CMS through 2018-04-28 allows SQL injection for authentication bypass...

Smart Manager 8.27.0 - Post-Authenticated SQL Injection

Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link: https://www.storeapps.org/product/smart-manager/ Version: 8.27.0 Tested on: Ubuntu 22.04 CVE: CVE-2024-0566 SQ...