EUVD-2025-208275
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...
Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload
The plugin was vulnerable to Cross-Site Request Forgery to Remote File Upload, leading to arbitrary PHP shell uploads in the wp-content/plugins directory. Sucuri observed this vulnerability being actively exploited in the wild for ransomware attacks. PoC 1. Authenticate as any user. 2. Paste below...
CVE-2021-34413
All versions of the Zoom Plugin for Microsoft Outlook for macOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...
Qtouch General Edition is vulnerable to an untrustworthy code loading flaw
Qtouch General Purpose Edition is automation software that integrates the functions of device communication, graphic display, data conversion, logic processing, etc. and provides secondary development. Qtouch Universal Edition is vulnerable to an untrustworthy code loading flaw. The attacker...