2964 matches found

Patchstack
added 2025/12/12 11:12 p.m. | 5 views

WordPress YITH WooCommerce Quick View plugin <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode vulnerability discovered by zaim in WordPress Plugin YITH WooCommerce Quick View versions <= 2.7.0...

CVSS 6.4 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/12/12 12:21 p.m. | 3 views

OESA-2025-2845 qt6-qtdeclarative security update

Security Fixes: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text componen...

CVSS 8.7 | AI score 6.7 | EPSS 0.0012
Exploits: 0 | References: 2

OSV
added 2025/12/12 12:21 p.m. | 6 views

OESA-2025-2844 qt6-qtdeclarative security update

Security Fixes: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text componen...

CVSS 8.7 | AI score 6.7 | EPSS 0.0012
Exploits: 0 | References: 2

NVD
added 2025/12/11 10:15 p.m. | 2 views

CVE-2024-58308

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...

CVSS 9.8 | EPSS 0.00241
Exploits: 1 | References: 4

CVE
added 2025/12/11 9:42 p.m. | 8 views

CVE-2024-58308

Quick.CMS 6.7 contains a SQL injection in the login form that lets unauthenticated attackers bypass login and gain unauthorized administrative access. Root cause: injection in the username parameter of the login query. Impact: high risk of full admin compromise. Remediation: sanitize input in the...

CVSS 9.8 | AI score 8.1 | EPSS 0.00241
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/11 9:42 p.m. | 2 views

CVE-2024-58308 Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...

CVSS 9.3 | AI score 8.1 | EPSS 0.00241
Exploits: 1 | References: 4

Cvelist
added 2025/12/11 9:42 p.m. | 16 views

CVE-2024-58308 Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...

CVSS 9.3 | EPSS 0.00241
Exploits: 1 | References: 4

NVD
added 2025/12/11 7:15 p.m. | 3 views

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

CVSS 8.8 | EPSS 0.00065
Exploits: 0 | References: 3

Malwarebytes
added 2025/12/11 1:40 p.m. | 5 views

Malwarebytes for Mac now has smarter, deeper scans

Say hello to the upgraded Malwarebytes for Mac —now with more robust protection, more control, and the same trusted defense you count on every day. We’ve given our Mac scan engine a serious intelligence boost, so it thinks faster and digs deeper. The new enhanced scan searches across more of your...

AI score 6.8
Exploits: 0

EUVD
added 2025/12/11 12:30 a.m. | 4 views

EUVD-2025-202608

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

CVSS 6.6 | AI score 7.6 | EPSS 0.00081
Exploits: 1 | References: 2

CNNVD
added 2025/12/11 12:0 a.m. | 1 views

Opensolution Quick.Cms SQL injection vulnerability

Opensolution Quick.Cms is a website builder for building text management platforms from Opensolution Poland. An SQL injection vulnerability exists in Opensolution Quick.Cms version 6.7, which stems from an SQL injection in the login form that could lead to unauthorized administrator access...

CVSS 9.8 | AI score 7.7 | EPSS 0.00241
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/11 12:0 a.m. | 3 views

PT-2025-50760

Name of the Vulnerable Software and Affected Versions: Quick.CMS version 6.7. Description: The software contains a SQL injection flaw that allows unauthenticated attackers to bypass login authentication. Attackers can manipulate the login form with SQL payloads, such as ' or '1'='1, to gain...

CVSS 9.3 | AI score 7.9 | EPSS 0.00241
Exploits: 1 | References: 7

RedhatCVE
added 2025/12/10 3:13 p.m. | 2 views

CVE-2025-62153

Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Interest Slider: from n/a through <= 3.1.7...

CVSS 5.3 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 2:23 p.m. | 2 views

CVE-2025-67471

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery. This issue affects Quick Contact Form: from n/a through <= 8.2.5...

CVSS 4.3 | AI score 6.9 | EPSS 0.00015
Exploits: 0 | References: 1

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-202133

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery. This issue affects Quick Contact Form: from n/a through <= 8.2.5...

AI score 6.3 | EPSS 0.00015
Exploits: 0 | References: 2

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-202028

Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Interest Slider: from n/a through <= 3.1.5...

AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 2

NVD
added 2025/12/09 4:18 p.m. | 2 views

CVE-2025-67471

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery. This issue affects Quick Contact Form: from n/a through <= 8.2.5...

CVSS 4.3 | EPSS 0.00015
Exploits: 0 | References: 1

NVD
added 2025/12/09 4:18 p.m. | 2 views

CVE-2025-62153

Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Interest Slider: from n/a through <= 3.1.7...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1

CVE
added 2025/12/09 2:52 p.m. | 5 views

CVE-2025-62153

CVE-2025-62153 concerns WordPress plugin “Quick Interest Slider” (versions up to 3.1.7) with a Missing Authorization / Broken Access Control flaw. Public descriptions from NVD/Red Hat/ENISA (and CVE enrichment) indicate an improper access-control configuration that could allow an attacker to expl...

CVSS 5.3 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 2025/12/09 2:52 p.m. | 21 views

CVE-2025-62153 WordPress Quick Interest Slider plugin <= 3.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Interest Slider: from n/a through <= 3.1.7...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1