EUVD-2025-8591
Malicious code in bioql PyPI...
EUVD-2025-25375
Malicious code in bioql PyPI...
CVE-2025-48157
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through <= 1.5.9...
CVE-2025-48157
CVE-2025-48157 affects WordPress plugin Formality (versions
PT-2025-33916 · Michele Giorgi · Formality
Name of the Vulnerable Software and Affected Versions: Formality versions n/a through 1.5.9 Description: An improper control of filename for include/require statement exists in Michele Giorgi Formality, allowing for PHP Local File Inclusion. Recommendations: Update Formality to a version later th...
CVE-2025-24690
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through <= 1.5.7...
CVE-2025-24690
CVE-2025-24690: Local File Inclusion in the WordPress Formality plugin (<= 1.5.7) per vulnerability records; CVSS v3.1 base score 8.1 (high). Exploitation status not detailed in provided documents.
GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit
#!/usr/bin/env python3 Exploit Title: GL.iNet <= 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
michelesettembre.com Cross Site Scripting vulnerability OBB-3586051
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
michelemichaelsphotography.com Cross Site Scripting vulnerability OBB-3213209
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ubuntu: Security Advisory (USN-2426-1)
The remote host is missing an update for the...
michele-joy.com Cross Site Scripting vulnerability OBB-2743299
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference Vulnerabilities
Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities. YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES. Vulnerability: Stored Cross-Site Scripting. Affected...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES. Vulnerability: Stored Cross-Site Scripting. Affected Products and Versions: Yellowfin 9.6.1. CVEID: CVE-2021-36387. CVSSv3.1 Score: 5.4...
USN-2694-1 PCRE Vulnerabilities | Cloud Foundry
USN-2694-1 PCRE Vulnerabilities Medium Vendor Perl 5 Versions Affected Ubuntu 14.04 Description Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of servic...
DSA-3113-1 unzip - security update
Bulletin has no description...
Debian DSA-3082-1 : flac - security update
Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free Lossless Audio Codec media: by providing a specially crafted FLAC file, an attacker could execute arbitrary code...
Thanks to the researchers 2014
January 31st, 2014. Each year, a number of researchers offer their assistance to help us tighten the security of our wide array of websites. We would like to take this opportunity to thank the researchers and testers of 2014 for their assistance in...