EUVD-2026-31333

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

Advisory ROSA-SA-2026-3291

software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption...

CVE-2025-10186

CVE-2025-10186 affects the WordPress plugin “WhyDonate – FREE Donate button – Crowdfunding – Fundraising”. The vulnerability is an unauthorized data loss due to a missing capability check in the remove_row function, applicable to all versions up to and including 4.0.14. Unauthenticated attackers ...

EUVD-2024-51447

Malicious code in bioql PyPI...

EUVD-2023-32758

Malicious code in bioql PyPI...

EUVD-2025-23262

Malicious code in bioql PyPI...

EUVD-2024-34397

Malicious code in bioql PyPI...

EulerOS 2.0 SP13 : vim (EulerOS-SA-2025-1696)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the :redir ex command to register,...

CVE-2025-5282

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...

CVE-2024-5863

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVE-2024-12158

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upcdeletedbdata' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated...

PyTorch Denial of Service Vulnerability (CNVD-2025-23353)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a denial of service vulnerability caused by a floating point exception in torch.nn.functional.ctcloss. An attacker can exploit this vulnerability to cause a denial of service...

Medium: vim

Issue Overview: A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version...

CVE-2025-29768

A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename. Mitigation Mitigation for this issue is either not available or the currently available options do n...

CVE-2025-29768

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...

FreeBSD : vim -- potential data loss with zip.vim and specially crafted zip files (9cf03c96-ffa5-11ef-bb15-002590af0794)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9cf03c96-ffa5-11ef-bb15-002590af0794 advisory. Vim reports: See https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf Tenable has extract...

CVE-2024-13752

CVE-2024-13752 concerns the WP Project Manager WordPress plugin (versions up to and including 2.6.17). A missing capability check on the /pm/v2/settings/notice endpoint allows an authenticated user with Subscriber-level access and above to perform a limited arbitrary options update that can lead ...

CVE-2024-13541

The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqsdeletelisting function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with...

CVE-2024-13229

CVE-2024-13229 concerns Rank Math SEO – AI SEO Tools to Dominate SEO Rankings (WordPress) vulnerability: missing capability check in update_metadata() allows authenticated attackers with Contributor+ to delete schema metadata on posts. Affected versions include up to 1.0.235. Exploitation is desc...

CVE-2023-6966

The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...