49 matches found
EUVD-2024-31710
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-24972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported...
WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability
Path Traversal Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Prevent files / folders access versions <= 2.6.0...
CVE-2025-44139
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=uploadzip...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability
Path Traversal Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Post and Page Builder by BoldGrid versions <= 1.27.8...
WordPress Hot Random Image plugin <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter vulnerability
Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter vulnerability discovered by Kishan Vyas in WordPress Plugin Hot Random Image versions <= 1.9.2...
CVE-2025-31827 WordPress Fonto plugin <= 1.2.2 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vlad.olaru Fonto allows Path Traversal. This issue affects Fonto: from n/a through 1.2.2...
CVE-2025-24605 WordPress WOLF plugin <= 1.0.8.5 - Path Traversal vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal. This issue affects WOLF: from n/a through <= 1.0.8.5...
emlog code issue vulnerability
emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /admin/plugin.php, which can be exploited by a remote attacker to submit a special request that can upload a malicious file to execute arbitrary code in the application...
The vulnerability of the network plugin interface for connecting network plugins to Container Network Interface (CNI) allows an attacker to influence the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the network plugin interface for connecting to Container Network Interface CNI devices is related to an incorrect path name limitation when loading plugins from the type field. Exploiting this vulnerability allows a remote attacker to compromise the integrity, availability, a...
UBUNTU-CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...
Plugin Framework for Java path traversal vulnerability
Plugin Framework for Java (PF4J) is a Java plugin framework open-sourced by PF4J. A security vulnerability exists in Plugin Framework for Java v.3.9.0 and earlier versions, which originated from a vulnerability that allows remote attackers to obtain sensitive information and execute arbitrary code v...
SUSE CVE-2010-3998
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH...
SUSE CVE-2011-3098
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory...
SUSE CVE-2018-1000622
The Rust Programming Language rustdoc version between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...
SUSE CVE-2021-3401
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer...
qemu security update
15:4.2.1-21.el7 - qemu-kvm.spec: Fix the qemu-regdump sos report plugin path Mark Kanda Orabug: 34680062 - qmp-regdump: Require python3 on OL8 Mark Kanda Orabug: 34672256 - iotests: Adjust 186.out to account for 'null' node-name Mark Kanda Orabug: 34447388 - block: Set the name of BlockBackend if...
CVE-2022-34902
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...
Metasploit Wrap-Up
Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
DEBIAN-CVE-2020-24972
The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...