9 matches found
EUVD-2021-21276
Malware in sbrugna...
EUVD-2021-16190
Malware in sbrugna...
EUVD-2023-43932
Malicious code in bioql PyPI...
CVE-2024-4372
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2022-1755
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...
CVE-2021-24163
The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth connecti...
CVE-2023-3256
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files...
CVE-2023-3256 Advantech R-SeeNet External Control of File Name or Path
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files...