102 matches found
PT-2025-51183
A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html renderer of the file plugins/html renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed co...
EUVD-2012-5426
Malware in sbrugna...
EUVD-2025-20842
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-35946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
CVE-2025-53672
Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53743
The CVE-2025-53743 entry affects Jenkins Applitools Eyes Plugin (versions 1.16.5 and earlier). The underlying issue is that Applitools API keys are displayed on the job configuration form and are not masked, enabling potential observation or capture by users with access. Publicly detailed referen...
MAL-2025-5316 Malicious code in plugin-api-version (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4f1500b9b02566e5be415a195e434461c5dc160084330f80c8eb4c726a2563b The OpenSSF Package Analysis project identified 'plugin-api-version' ...
Malicious code in plugin-api-version (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4f1500b9b02566e5be415a195e434461c5dc160084330f80c8eb4c726a2563b The OpenSSF Package Analysis project identified 'plugin-api-version' ...
PT-2025-25367 · WordPress · Rest Api | Custom Api Generator For Cross Platform/Import Export In Wp
Name of the Vulnerable Software and Affected Versions: REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress versions 1.0.0 through 2.0.3 Description: The issue is related to a missing capability check on the process handler function, allowing...
[SECURITY] Fedora 41 Update: nbdkit-1.40.6-1.fc41
NBD is a protocol for accessing block devices hard disks and disk-like things over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license BSD allows...
CVE-2024-0437
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...
[SECURITY] Fedora 42 Update: nbdkit-1.42.3-1.fc42
NBD is a protocol for accessing block devices hard disks and disk-like things over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license BSD allows...
CVE-2021-24133
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account...
CVE-2025-3853
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
PT-2025-18381
Name of the Vulnerable Software and Affected Versions Brainstorm Force SureTriggers versions 1.0.0 through 1.0.82 Description The issue is related to an incorrect privilege assignment vulnerability in Brainstorm Force SureTriggers, allowing privilege escalation. This vulnerability can be exploite...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-30197
Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...
CVE-2025-30197
Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...
CVE-2025-30197
Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...
CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...