23 matches found
EUVD-2020-15598
Malware in sbrugna...
EUVD-2025-19548
Malicious code in bioql PyPI...
EUVD-2024-17579
Malicious code in bioql PyPI...
EUVD-2024-27404
Malicious code in bioql PyPI...
EUVD-2023-44054
Malicious code in bioql PyPI...
EUVD-2024-49774
Malicious code in bioql PyPI...
EUVD-2025-24196
Malicious code in bioql PyPI...
EUVD-2024-16469
Malicious code in bioql PyPI...
EUVD-2024-32540
Malicious code in bioql PyPI...
CVE-2025-5122
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient input validation caused by a failure to properly validate user-controlled props in the RetrospectivePost custom post type of the Playbooks plugin, which allows an attacker to...
CVE-2024-13674
The Cosmic Blocks 40+ Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwpsocialshare' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10147
CVE-2024-10147 (Steel WordPress plugin) is a stored XSS in the btn shortcode affecting all versions up to 1.3.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability allows authenticated attackers with contributor-level access or higher to i...
CVE-2024-9292 Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2024-8519 Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umloggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input...
CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2925
The CVE CVE-2024-2925 affects Beaver Builder – WordPress Page Builder (WordPress plugin) up to version 2.8.0.5. Root cause: insufficient input sanitization and output escaping on Button Widget attributes, enabling Stored Cross-Site Scripting. Impact: authenticated attackers with contributor-level...
CVE-2024-0864 RCE in Laragon
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution RCE attack via an improper input validation in a fileupload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...
PT-2023-28994 · Arduino · Arduino Create Agent
Name of the Vulnerable Software and Affected Versions: Arduino Create Agent versions prior to 1.3.3 Description: This issue affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhos...