211 matches found
EUVD-2024-32774
Malicious code in bioql PyPI...
EUVD-2022-48003
Malicious code in bioql PyPI...
EUVD-2022-24627
Malicious code in bioql PyPI...
EUVD-2025-8024
Malicious code in bioql PyPI...
EUVD-2022-52013
Malicious code in bioql PyPI...
EUVD-2023-12396
Malicious code in bioql PyPI...
CVE-2025-54780 glpi-screenshot-plugin exposes local files in /ajax/screenshot.php
The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. In versions below 2.0.2, an authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2...
WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Webba Booking (versions <= 5.1.20)...
WordPress SureForms Plugin Multiple Vulnerabilities (Jul 2025)
CPE = "cpe:/a:brainstormforce:sureforms"
CVE-2025-53656
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
WordPress Forminator Plugin < 1.44.3 Multiple Vulnerabilities
CPE = "cpe:/a:incsub:forminator"
WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Quick Favicon (versions <= 0.22.8)...
WordPress Restrict File Access plugin <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated (Subscriber+) Arbitrary File Read vulnerability discovered by johska in WordPress Plugin Restrict File Access (versions <= 1.1.2)...
CVE-2025-5760
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the appenddebuginfotocontext function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST and...
CVE-2025-3951
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...
WordPress Easy Digital Downloads plugin <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Easy Digital Downloads (versions <= 3.3.8.1)...
CVE-2024-5453
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-1293
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-6210
The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify...
CVE-2024-12028
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...