EUVD-2026-15717

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through = 3.9.4...

EUVD-2026-9643

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

EUVD-2023-54355

Malicious code in bioql PyPI...

EUVD-2025-2749

Malicious code in bioql PyPI...

CVE-2025-54242

Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged...

CVE-2025-53581

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artiosmedia RSS Feed Pro rss-feed-pro allows Stored XSS.This issue affects RSS Feed Pro: from n/a through = 1.1.8...

CVE-2025-46257

Cross-Site Request Forgery CSRF vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0...

WordPress Elementor Pro plugin <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Ankit Patel in WordPress Plugin Elementor Pro versions = 3.25.10...

CVE-2025-22763

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1...

CVE-2024-5426

CVE-2024-5426 affects the Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin. It allows Stored Cross-Site Scripting via the svg parameter in all versions up to and including 1.8.23 due to insufficient input sanitization and output escaping. Impact: authenticated attackers can...

CVE-2023-37739

i-doit Pro v25 and below was discovered to be vulnerable to path traversal...

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...

i-doit Path Traversal Vulnerability

i-doit is a configuration management database software from i-doit Inc. A security vulnerability exists in i-doit pro v25 and prior versions that stems from the presence of a path traversal vulnerability...

Adobe Premiere Pro Multiple Vulnerabilities (APSB21-117) - Windows

Adobe Premiere Pro is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

Papoo cms 跨站请求伪造漏洞

Papoo cms is an application from the German company Papoo. for modern portable SEO websites Papoo suffers from a cross-site request forgery vulnerability that originates from a cross-site request forgery in the administration interface, which can be used by an attacker to gain privileges. The...