121 matches found
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
Summary Having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload. Sensitive information may be contained in the configuration details. PoC Create a simple form with two fields, 'registration-number' and...
GHSA-8535-HVM8-2HMV Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
Summary Having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload. Sensitive information may be contained in the configuration details. PoC Create a simple form with two fields, 'registration-number' and...
CVE-2025-66298
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload to exploit a Server-Side Template SST vulnerability. Sensitive information may be...
CVE-2025-66298 Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload to exploit a Server-Side Template SST vulnerability. Sensitive information may be...
EUVD-2014-9393
Malware in sbrugna...
EUVD-2011-3601
Malware in sbrugna...
EUVD-2020-24158
Malware in sbrugna...
GO-2025-3838 Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault...
GHSA-MR4H-QF9J-F665 Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2021-21617
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations...
CVE-2014-9579
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files...
CVE-2025-32022 Finit has heap based buffer overwrite in urandom.so plugin
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
Backup of Powered-Off VM in Proxmox Fails When HA Status is Stopped
Challenge The backup of a powered-off VM within a Proxmox environment where High Availability (HA) is enabled but the HA status is Stopped, fails with the error: Failed to perform backup: Failed to connect the NBD server to the hypervisor host. Cause The job fails because the High Availability (HA)...
Pray For Me <= 1.0.4 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin 1. Configure the plugin to add the first name and last name fields to the form:...
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing < 3.6.4 - Plugin Settings Update via CSRF
Description The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin'...
Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE
Description The plugin does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. 1. Make sure to configure the plugin so Authors can access its settings 2. Create a new slider. 3. Save and export...