90 matches found
EUVD-2025-203442
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...
Exploit for CVE-2025-54352
CVE-2025-54352 PoC Usage Steps to install and test the Wor...
EUVD-2021-11780
Malware in sbrugna...
EUVD-2015-9111
Malware in sbrugna...
EUVD-2024-51759
Malicious code in bioql PyPI...
EUVD-2024-17711
Malicious code in bioql PyPI...
EUVD-2024-49170
Malicious code in bioql PyPI...
EUVD-2025-8074
Malicious code in bioql PyPI...
EUVD-2024-50184
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-54352
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not...
DEBIAN-CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
CVE-2024-8431
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with...
CVE-2021-39203
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
CVE-2021-24661
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID...
CVE-2025-2252 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the eddajaxgetdownloadtitle function. This makes it possible for unauthenticated attackers to extract...
WordPress Easy Digital Downloads plugin <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure vulnerability
Unauthenticated Private Post Title Disclosure vulnerability discovered by Françoa Taffarel in WordPress Plugin Easy Digital Downloads versions = 3.3.6.1...
CVE-2024-13430
CVE-2024-13430 affects the Page Builder: Pagelayer – Drag and Drop website builder for WordPress (
CVE-2024-13514 B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
CVE-2024-10693
The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level acces...