348 matches found
OWASP FinBot CTF 0.2
FinBot is an Agentic AI security CTF platform from OWASP. Interact with AI agents, exploit real vulnerabilities, and learn to secure agentic systems. All from your browser...
CVE-2021-47975
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...
CVE-2021-47975
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...
CVE-2021-47975
Vulnerability summary (CVE-2021-47975) : The WordPress plugin WP Learn Manager 1.1.2 contains a stored cross-site scripting (XSS) flaw in the fieldtitle parameter. An unauthenticated attacker can submit POST requests to the jslm_fieldordering page with XSS payloads in fieldtitle, enabling arbitra...
EUVD-2021-34830
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...
WordPress plugin WP Learn Manager 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2026-14691
The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...
CVE-2026-2446
CVE-2026-2446 affects the PowerPack for LearnDash WordPress plugin prior to 1.3.0. The issue is an missing authorization and CSRF protection in an AJAX action, enabling unauthenticated users to update arbitrary WordPress options (e.g., default_role) and to create arbitrary admin users. Impact is ...
WordPress plugin PowerPack for LearnDash 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-23682
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...
SUSE CVE-2026-20796
Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...
EUVD-2021-23337
Malware in sbrugna...
EUVD-2020-29839
Malware in sbrugna...
EUVD-2017-9390
Malware in sbrugna...
EUVD-2018-5206
Malware in sbrugna...
EUVD-2021-23336
Malware in sbrugna...
EUVD-2012-6587
Malware in sbrugna...
EUVD-2024-1966
Malicious code in bioql PyPI...
EUVD-2025-22763
Malicious code in bioql PyPI...
EUVD-2024-1956
Malicious code in bioql PyPI...