8338 matches found
Malicious code in contracts-plugins (npm)
The package contracts-plugins was found to contain malicious code...
MAL-2025-7069 Malicious code in @amber-team/router5-plugins (npm)
The package @amber-team/router5-plugins was found to contain malicious code...
MAL-2025-15590 Malicious code in belmgr-plugins (npm)
The package belmgr-plugins was found to contain malicious code...
MAL-2025-16675 Malicious code in cb-serverless-plugins (npm)
The package cb-serverless-plugins was found to contain malicious code...
MAL-2025-17520 Malicious code in contracts-plugins (npm)
The package contracts-plugins was found to contain malicious code...
MAL-2025-17572 Malicious code in cordova-plugins-devextremeaddon (npm)
The package cordova-plugins-devextremeaddon was found to contain malicious code...
CVE-2025-24313
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...
CVE-2025-54717
CVE-2025-54717 affects the WordPress WP Membership plugin (versions up to 1.6.3). It is a Missing Authorization flaw due to incorrectly configured access control security levels, enabling a settings change vulnerability. Remediation: upgrade WP Membership to a version later than 1.6.3 (per Patchs...
CVE-2025-55010
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. CVE-2025-47806: Fixed stack buffer overflow in SubRip...
SUSE-SU-2025:02796-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47806: Fixed stack buffer overflow in SubRi...
CVE-2025-8047
CVE-2025-8047 pertains to a supply‑chain compromise affecting WordPress plugins Disable-right-click-powered-by-pixterme (through v1.2) and Pixter-Image-Digital-License (through v1.0). The plugins load a compromised JavaScript file from an abandoned S3 bucket, enabling an attacker‑controlled backd...
CVE-2025-8047 Multiple Plugins from itayamar - Supply Chain Compromise
The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert...
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...
CVE-2025-7384
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-7384
CVE-2025-7384 affects the WordPress plugins Database for Contact Form 7, WPforms, and Elementor forms (up to version 1.4.3). The root cause is PHP Object Injection via deserialization of untrusted input in the get_lead_detail function, enabling unauthenticated attackers to inject PHP objects. The...
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-0818
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...