CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVE-2025-8618

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosqbtn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

PT-2025-34444 · Microsoft +1 · Office Excel +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.3.1 Description: UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are susceptible to CSV injection, also known as formula injection, in the...

CVE-2025-9298

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-9298

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-54175

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...

CVE-2025-8618

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosqbtn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress plugin WPC Smart Quick View for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-34050

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS affected versions not specified Description: QuickCMS is vulnerable to Stored Cross-Site Scripting XSS in the sTitle parameter within the page editor functionality. A malicious attacker with admin privileges can...

PT-2025-34052

Name of the Vulnerable Software and Affected Versions: QuickCMS.EXT version 6.8 QuickCMS.EXT affected versions not specified Description: QuickCMS.EXT is susceptible to a Reflected Cross-Site Scripting XSS issue within the thumbnail viewer functionality. An attacker can create a malicious URL tha...

PT-2025-33904 · Unknown +1 · Woocommerce +1

Name of the Vulnerable Software and Affected Versions: WPC Smart Quick View for WooCommerce plugin versions up to and including 4.2.1 Description: The WPC Smart Quick View for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the woosq btn shortcode...

WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via woosqbtn Shortcode vulnerability discovered by zaim in WordPress Plugin WPC Smart Quick View for WooCommerce versions = 4.2.1...

CVE-2025-54145 Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141...

CVE-2025-54145 Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141...

Malicious code in quick-start_onnxruntime-node (npm)

The package quick-startonnxruntime-node was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

Malicious code in authorize-theta-xi-quick-user (npm)

The package authorize-theta-xi-quick-user was found to contain malicious code...

Malicious code in yaml-psi-tau-void-quick (npm)

The package yaml-psi-tau-void-quick was found to contain malicious code...

MAL-2025-18307 Malicious code in deserialize-slow-warn-quick-export (npm)

The package deserialize-slow-warn-quick-export was found to contain malicious code...

MAL-2025-39768 Malicious code in xi-web-data-water-quick (npm)

The package xi-web-data-water-quick was found to contain malicious code...

MAL-2025-31297 Malicious code in quick-start_onnxruntime-node (npm)

The package quick-startonnxruntime-node was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...