22 matches found
EUVD-2007-2478
Malware in sbrugna...
EUVD-2007-2421
Malware in sbrugna...
EUVD-2015-7128
Malware in sbrugna...
EUVD-2022-34698
Malicious code in bioql PyPI...
CVE-2025-7309
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7257
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7251
The CVE-2025-7251 entry concerns IrfanView CADImage Plugin, where a DWG file parsing flaw allows an out-of-bounds read that can lead to remote code execution. The issue stems from insufficient validation of user-supplied data in DWG parsing, enabling an attacker to execute code in the context of ...
WordPress GB Forms DB plugin <= 1.0.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by CVEhunter in WordPress Plugin GB Forms DB versions = 1.0.2...
CVE-2025-3515 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2020-2158
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2025-3491
The WordPress Add custom page template plugin (vulnerable
CVE-2025-32118
CVE-2025-32118 affects the CMP – Coming Soon & Maintenance Plugin by NiteoThemes. The connected data specifies an Authenticated Arbitrary File Upload (unrestricted file upload) vulnerability, enabling malicious file uploads by an attacker with admin-level privileges. The CVSSv3.1 base score is 9....
CVE-2024-10954
In the manim plugin of binary-husky/gptacademic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code...
CVE-2024-10954
CVE-2024-10954 affects the binary-husky/gpt_academic project’s manim plugin. The root cause is improper handling of user-provided prompts, leading to execution of untrusted code generated by the LLM without a sandbox. This enables remote code execution on the app backend when a malicious prompt i...
CVE-2022-1609 The School Management < 9.9.7 - Unauthenticated RCE via REST api
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site...
PT-2021-11642 · WordPress · Wp Hotel Booking
Name of the Vulnerable Software and Affected Versions: wp-hotel-booking plugin versions 1.10.2 and earlier Description: The issue allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress hotel booking 1 cookie in the includes/class-wphb-sessions.php...