112 matches found
VCR.py: Arbitrary code execution via unsafe YAML deserialization of cassette files
Summary vcrpy deserializes YAML cassette files with PyYAML's object-constructing loader yaml.CLoader / yaml.Loader instead of the safe loader yaml.CSafeLoader / yaml.SafeLoader. A cassette containing a !!python/object/apply: or similar tag therefore executes arbitrary Python code the moment the...
CVE-2026-7566
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...
CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...
WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection vulnerability
Authenticated Administrator+ PHP Object Injection vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...
SAMSUNG Smart Switch 安全漏洞
SAMSUNG Smart Switch is a data migration tool developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Smart Switch prior to 3.7.69.15 contained security vulnerabilities. These vulnerabilities were due to improper authentication procedures, and they could allow adjacent attackers to...
WordPress Tutor LMS - Migration Tool plugin <= 2.2.0 - Missing Authorization in tutor_import_from_xml vulnerability
WordPress Tutor LMS - Migration Tool plugin = 2.2.0 - Missing Authorization in tutorimportfromxml vulnerability discovered by Francesco Carlucci in WordPress Plugin Tutor LMS – Migration Tool versions = 2.2.0...
CVE-2025-11427
The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
SAMSUNG Smart Switch 安全漏洞
SAMSUNG Smart Switch is a data migration tool from Samsung South Korea. A security vulnerability exists in SAMSUNG Smart Switch versions prior to 3.7.67.2, which stems from storing sensitive information in clear text and could lead to a local attacker accessing sensitive data...
EUVD-2019-10124
Malware in sbrugna...
EUVD-2018-2220
Malware in sbrugna...
EUVD-2020-12767
Malware in sbrugna...
EUVD-2019-10131
Malware in sbrugna...
EUVD-2019-10127
Malware in sbrugna...
EUVD-2015-0218
Malware in sbrugna...
EUVD-2019-10126
Malware in sbrugna...
EUVD-2019-10128
Malware in sbrugna...
EUVD-2024-17523
Malicious code in bioql PyPI...
CVE-2025-55283
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a...
WordPress plugin FG Drupal to WordPress 代码问题漏洞
WordPress FG Drupal to WordPress is a plugin tool for migrating Drupal website content to WordPress, which supports the import of basic content such as articles, images, etc., but the free version does not include the comment import function. WordPress FG Drupal to WordPress suffers from a...
Samsung Smart Switch 安全漏洞
SAMSUNG Smart Switch is a data migration tool from Samsung South Korea. A security vulnerability exists in Samsung Smart Switch versions prior to 3.7.64.10, which stems from improper authorization and could allow a local attacker to read data with Smart Switch privileges...