167 matches found
EUVD-2025-30910
Malicious code in bioql PyPI...
EUVD-2023-26816
Malicious code in bioql PyPI...
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the PluginManager.php file...
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the PluginManager.php file...
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the PluginManager.php file...
PT-2025-39186
Name of the Vulnerable Software and Affected Versions: CSZ-CMS version 1.3.0. Description: A SQL Injection issue exists in CSZ-CMS version 1.3.0. This allows a remote attacker to execute arbitrary code through the execSqlFile function located in the Plugin Manager.php file. The vulnerability is...
CVE-2025-29083
CSZ-CMS 1.3.0 is affected by an SQL Injection in Plugin_Manager.php (execSqlFile) that can lead to remote code execution. The vulnerability has been described across multiple sources as allowing an attacker to execute arbitrary code, with CVSS Brook 3.1 metrics indicating network access, low atta...
CSZCMS Security Vulnerability
CSZCMS is an open source web application by Cskaza Bassist Individual Developer that allows managing all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0, which stems from the execSql function in the PluginManager.php file not filtering input correctly,...
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the PluginManager.php file...
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the PluginManager.php file...
CVE-2023-46188
Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...
CVE-2023-1088
The WP Plugin Manager WordPress plugin before 1.1.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2022-27165
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminPluginmanagersetstatus...
CVE-2025-32542
Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0...
CVE-2025-32542
Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0...
CVE-2025-32542 WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0...
CVE-2025-32542
CVE-2025-32542 is a Missing Authorization vulnerability in the WordPress Eazy Plugin Manager, affecting versions up to 4.3.0. The connected Wordfence data indicates an unauthorized access weakness due to misconfigured access controls, with a high impact (CVE-2015-32542 CVSS 3.1: 8.8, HIGH) and Ne...
WordPress plugin Eazy Plugin Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Aiden in WordPress Plugin Eazy Plugin Manager versions <= 4.3.0...
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...