145 matches found

EUVD
added 2026/05/17 12:11 p.m. | 6 views

EUVD-2018-21849

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

8.7 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/05/17 12:11 p.m. | 32 views

CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

8.7 CVSS | 0.00381 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/17 12:11 p.m. | 4 views

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

8.7 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/05/17 12:0 a.m. | 7 views

PT-2026-41551

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete export file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename...

8.7 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/04/14 10:22 p.m. | 6 views

Decidim amendments can be accepted or rejected by anyone

Impact: The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

7.5 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

RubySec
added 2026/04/14 12:0 a.m. | 4 views

Decidim amendments can be accepted or rejected by anyone

Impact: The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

7.5 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2026/03/25 12:26 a.m. | 2 views

SUSE CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...

5 CVSS | 5.7 AI score | 0.00009 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/03/05 6:57 p.m. | 0 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the auth token process. An attacker can gain unauthorized privileges by creating a short-lived API key with elevated permissions. This is only exploitable if the attacker is a registered user without existing...

5.3 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/27 4:13 a.m. | 3 views

CVE-2026-1779

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...

8.1 CVSS | 5.3 AI score | 0.00198 EPSS
Exploits: 0 | References: 1

OSV
added 2026/02/18 7:21 p.m. | 3 views

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This...

8.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2

CVE
added 2026/02/18 12:0 a.m. | 7 views

CVE-2025-70064

CVE-2025-70064 affects PHPGurukul Hospital Management System v4.0. A low-privileged user (Patient) can directly reach the Administrator Dashboard and sub-modules by navigating to the /admin/ directory after authentication, enabling privilege escalation to view confidential logs and modify system ...

8.8 CVSS | 5.5 AI score | 0.00122 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/02/11 9:5 a.m. | 9 views

CVE-2025-13648

CVE-2025-13648 describes a stored XSS in ZeusWeb 6.1.31 from Microcom. An attacker with access to the web application can inject arbitrary JavaScript by submitting an XSS payload into the Name and Surname fields in the My Account section at https://zeus.microcom.es:4040/administracion-estaciones....

6.1 CVSS | 5.7 AI score | 0.00013 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-13597

Malware in sbrugna...

4.3 CVSS | 4.7 AI score | 0.00307 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-4512

Malware in sbrugna...

8.5 CVSS | 6.4 AI score | 0.01269 EPSS
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-8420

Malware in sbrugna...

9.8 CVSS | 9.5 AI score | 0.01445 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-58699

Malicious code in bioql PyPI...

6.1 CVSS | 5 AI score | 0.00083 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-43951

Malicious code in bioql PyPI...

9.9 CVSS | 6.6 AI score | 0.0017 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-53985

Malicious code in bioql PyPI...

5.3 CVSS | 5.7 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/15 12:0 a.m. | 2 views

PT-2025-37766

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4; Liferay DXP version 2023.Q4.0; Liferay Portal 7.3 GA through update 35; Liferay Portal 7.4 GA through update 92. Description: The default membership...

5.4 CVSS | 6.5 AI score | 0.00087 EPSS
Exploits: 0 | References: 8

OSV
added 2025/06/17 3:15 a.m. | 3 views

CVE-2025-6157

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. The attack may be...

9.8 CVSS | 5.8 AI score | 0.00204 EPSS
Exploits: 1 | References: 5