CVE-2025-23676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH Email lh-email allows Reflected XSS.This issue affects LH Email: from n/a through = 1.12...

CVE-2025-23547

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through = 2.14...

EUVD-2025-3335

Malicious code in bioql PyPI...

EUVD-2023-38282

Malicious code in bioql PyPI...

EUVD-2025-3242

Malicious code in bioql PyPI...

EUVD-2024-30335

Malicious code in bioql PyPI...

EUVD-2024-45408

Malicious code in bioql PyPI...

EUVD-2025-7917

Malicious code in bioql PyPI...

CVE-2025-9633

The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

CVE-2025-9633

The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

CVE-2025-9633 LH Signing <= 2.83 - Cross-Site Request Forgery

The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

CVE-2025-9633

CVE-2025-9633: LH Signing WordPress plugin vulnerabilities exist in all versions up to 2.83 due to missing or incorrect nonce validation in the plugin_options function, enabling CSRF. This allows unauthenticated attackers to modify plugin settings by inducing an admin action (e.g., clicking a for...

WordPress plugin LH Signing 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-37151

The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the plugin options function. This makes it possible for unauthenticated attackers to modify plugin settings via a...

Malicious code in xlsx-to-json-lh (npm)

The package xlsx-to-json-lh was found to contain malicious code...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-51572

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...

CVE-2018-1000645

LibreHealthIO lh-ehr version...

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

CVE-2018-1000839

LH-EHR version REL-200 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type...