950 matches found
EUVD-2023-48198
Malicious code in bioql PyPI...
EUVD-2024-32148
Malicious code in bioql PyPI...
EUVD-2024-52777
Malicious code in bioql PyPI...
EUVD-2025-12493
Malicious code in bioql PyPI...
EUVD-2024-44264
Malicious code in bioql PyPI...
EUVD-2023-50981
Malicious code in bioql PyPI...
EUVD-2025-4530
Malicious code in bioql PyPI...
CVE-2025-8417 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection
The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...
CVE-2014-125116
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...
CVE-2015-10141 Xdebug Remote Debugger Unauthenticated OS Command Execution
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...
Remote Code Execution (RCE)
bolt/bolt is vulnerable to remote code execution RCE. The vulnerability is due to unsanitized rendering of user-controlled input PHP code injection in the displayname field in backend templates, followed by abuse of session file manipulation endpoints which allows an attacker to create a web shel...
📄 ISPConfig language_edit.php PHP Code Injection
This Metasploit module exploits a PHP code injection vulnerability in the ISPConfig languageedit.php file. The vulnerability occurs when the adminallowlangedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
GHSA-P9QC-8JJX-G8CG Bolt CMS vulnerable to authenticated remote code execution
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
Bolt CMS vulnerable to authenticated remote code execution
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-34086 Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-34086 Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier are affected by an authenticated remote code execution chain. An authenticated user can inject PHP code into the displayname field, which is rendered unsanitized in backend templates. The attacker can enumerate and rename cached session files via /async/browse/...
CVE-2025-6459 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for...