13 matches found
EUVD-2023-1628
Malicious code in bioql PyPI...
EUVD-2024-47786
Malicious code in bioql PyPI...
EUVD-2024-44544
Malicious code in bioql PyPI...
EUVD-2024-33338
Malicious code in bioql PyPI...
EUVD-2024-47554
Malicious code in bioql PyPI...
CVE-2025-22829 Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin
The CloudStack Quota plugin has improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments where this plugin is enabled, and who has access to specific APIs, can enable or disable reception of quota-related emails for...
CVE-2024-5973
The MasterStudy LMS WordPress Plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
CVE-2022-34180
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...
CVE-2025-31765 WordPress GDPR Cookie Notice plugin <= 1.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in themeqx GDPR Cookie Notice gdpr-cookie-notice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR Cookie Notice: from n/a through <= 1.2.0...
CVE-2025-1508
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloaddata action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to download...
CVE-2024-10528
CVE-2024-10528 (Ultimate Member) affects WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership. The root cause is a missing capability check in the image resize handlers (wp_ajax_um_resize_image() and ajax_resize_image()), which a...
CVE-2022-45389
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...
CVE-2022-41234
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck...