9 matches found
EUVD-2025-17665
Malicious code in bioql PyPI...
EUVD-2025-17673
Malicious code in bioql PyPI...
CVE-2025-49454
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through 3.10.0...
CVE-2025-49455
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from n/a through = 25.07010000-WP6.8.1-JB5.11.5...
CVE-2025-49454
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through 3.10.0...
CVE-2025-49454
CVE-2025-49454 is a Local File Inclusion in the LoftOcean TinySalt WordPress theme (pre-3.10.0) caused by improper control of filenames for PHP include/require statements. The vulnerability enables PHP Local File Inclusion due to referencing an attacker-controlled filename, as reported across mul...
CVE-2025-49455
CVE-2025-49455 affects LoftOcean TinySalt (WordPress Theme) prior to 3.10.0. The issue is described as a Deserialization of Untrusted Data vulnerability that enables Object Injection . The connected sources consistently identify TinySalt and specify the vulnerable version range as before 3.10.0, ...
PT-2025-24653 · Unknown · Loftocean Tinysalt
Name of the Vulnerable Software and Affected Versions: LoftOcean TinySalt versions prior to 3.10.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...
PT-2025-24654 · Unknown · Loftocean Tinysalt
Name of the Vulnerable Software and Affected Versions: LoftOcean TinySalt versions prior to 3.10.0 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions prior to 3.10.0, update to version 3.10.0 or later to resolve the...