558 matches found
EUVD-2025-14953
Malicious code in bioql PyPI...
EUVD-2021-34209
Malicious code in bioql PyPI...
EUVD-2024-51562
Malicious code in bioql PyPI...
EUVD-2021-28797
Malicious code in bioql PyPI...
EUVD-2025-29444
Malicious code in bioql PyPI...
EUVD-2024-48204
Malicious code in bioql PyPI...
EUVD-2024-47427
Malicious code in bioql PyPI...
CVE-2025-9212
The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
EUVD-2025-32247
The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-9212 WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-9212
The CVE refers to WP Dispatcher for WordPress (plugin) with Arbitrary File Upload via wp_dispatcher_process_upload() in all versions up to 1.2.0. Affected: WordPress plugin WP Dispatcher; attacker must be authenticated at Subscriber level or higher. Impact: upload of arbitrary files that could le...
PT-2025-40491
Name of the Vulnerable Software and Affected Versions: WP Dispatcher plugin for WordPress versions prior to 1.2.1. Description: The WP Dispatcher plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the wp dispatcher process upload function...
CVE-2025-10000
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...
PT-2025-39928
Name of the Vulnerable Software and Affected Versions: Qyrr – simply and modern QR-Code creation plugin for WordPress versions through 2.0.7. Description: The Qyrr plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the blob to file function...
PT-2025-39947
Name of the Vulnerable Software and Affected Versions: Post By Email versions through 1.0.4b. Description: The Post By Email plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the save attachments function. This allows unauthenticated...
CVE-2025-10747
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2025-10747
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2025-10747
CVE-2025-10747 - WP-DownloadManager (WordPress) is validated by Wordfence as an authenticated, high-severity vulnerability: missing file-type validation in download-add.php allows an Administrator+ attacker to upload arbitrary files on the server, potentially enabling remote code execution. Affec...
keycloak: Keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...