73 matches found
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...
EUVD-2025-19880
Malicious code in bioql PyPI...
SUSE CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVE-2025-5961
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...
CVE-2025-5961 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...
PT-2025-27805 · WordPress · Wpvivid Backup/Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress versions up to, and including, 0.9.116 Description: The issue is related to arbitrary file uploads due to missing file type validation in the wpvivid upload import...
OESA-2025-1563 mod_security security update
This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...
CVE-2024-1076
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
CVE-2022-41347
An issue was discovered in Zimbra Collaboration ZCS 8.8.x and 9.x e.g., 8.8.15. The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...
CVE-2024-13869
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...
CVE-2024-13869 Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...
CVE-2024-13869
CVE-2024-13869 affects Migration, Backup, Staging – WPvivid Backup & Migration for WordPress. Wordfence notes a vulnerability in the wpvivid_upload_file path that allows an authenticated attacker with Admin+ privileges to upload arbitrary files, enabling potential remote code execution. Versions ...
PT-2024-16388 · Nginx · Nginx
Name of the Vulnerable Software and Affected Versions: Opt-In Downloads plugin for WordPress versions up to, and including, 4.07 Description: The issue is related to missing file type validation in the admin upload function, allowing authenticated attackers with Subscriber-level access and above ...
CVE-2024-1076
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
WordPress plugin SSL Zen 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
F5 Nginx 缓冲区错误漏洞
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in F5 Nginx NJS version...
PT-2023-11529 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS affected versions not specified Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the njs object property parameter of the njs/njs vm.c function, specifically through the njs object property...
The vulnerability of the njs_promise_reaction_job function in the njs interpreter of the nginx server allows a attacker to cause a service failure.
The vulnerability of the njspromisereactionjob function in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...