CVE-2026-34540 iccDEV: HBO in icMemDump()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under...
GHSA-H8GR-QWR6-M9GX Admidio is Missing CSRF Protection on Role Membership Date Changes
Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...
PT-2026-20624
Name of the Vulnerable Software and Affected Versions: IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.1.5 through 2.1.9. Description: The IDonate plugin for WordPress has a flaw that allows unauthorized privilege escalation. Attackers with...
CVE-2023-4935
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the createprofile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted th...
PT-2026-2080
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools for interacting with International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 contain a Type Confusion issue within the...
EUVD-2025-197723
A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be...
EUVD-2023-29084
Malicious code in bioql PyPI...
EUVD-2023-37525
Malicious code in bioql PyPI...
EUVD-2023-41061
Malicious code in bioql PyPI...
PT-2025-34779 · WordPress · Event List
Name of the Vulnerable Software and Affected Versions: Event List plugin for WordPress versions up to and including 2.0.4 Description: The Event List plugin for WordPress is susceptible to privilege escalation. This occurs because the plugin does not adequately validate a user’s capabilities befo...
Use of a Key Past its Expiration Date
Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date in the CreateOIDCJWTProfileClient function, which doesn't sufficiently check token expiry times for Authorization Grants. An attacker can obtain valid access tokens by using an expired JWT key...
WordPress plugin Ultimate Classified Listings Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Plugin BEAR Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
CVE-2023-44061
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component...
WordPress plugin Premium Packages - Sell Digital Products Securely Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-33362
Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function...
SQL injection
Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function...
CVE-2023-33362
Piwigo 13.6.0 is affected by a remote SQL injection in the profile function. The vulnerability (CVE-2023-33362) has CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). PoCs and public writeups exist (e.g., PACKETSTORM/ExploitsDB). A fix is available in Piwigo 13.7.0 and later; upgrading to 1...