4950 matches found
EUVD-2025-10973
Malicious code in bioql PyPI...
EUVD-2024-17172
Malicious code in bioql PyPI...
EUVD-2023-32130
Malicious code in bioql PyPI...
EUVD-2023-57768
Malicious code in bioql PyPI...
EUVD-2022-29432
Malicious code in bioql PyPI...
EUVD-2023-3193
Malicious code in bioql PyPI...
EUVD-2023-2476
Malicious code in bioql PyPI...
Exploit for CVE-2025-8625
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configura...
CVE-2025-9209
The CVE concerns RestroPress – Online Food Ordering System (WordPress) versions 3.0.0–3.1.9.2. Affected endpoint /wp-json/wp/v2/users exposes user private tokens and API data, enabling unauthenticated attackers to forge JWT tokens and authenticate as other users (including admins). This constitut...
CVE-2025-20371
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery SSRF potentially letting an attacker perform REST API calls on...
CVE-2025-20371
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery SSRF potentially letting an attacker perform REST API calls on...
CVE-2025-8625
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...
Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4, 10.0.0 < 10.0.1 (SVD-2025-1006)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1006 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109,...
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...
CVE-2025-8625
The Copypress Rest API plugin for WordPress (versions 1.1–1.2) is vulnerable to Remote Code Execution due to a hard-coded JWT signing key when no secret is configured and lack of file-type validation, allowing unauthenticated attackers to forge tokens and upload arbitrary files (e.g., PHP shells)...
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...
CVE-2025-56449
A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA e.g. after the 7-day enforcement window, the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions...
WordPress Copypress Rest API plugin 1.1-1.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by kr0d in WordPress Plugin Copypress Rest API versions 1.1-1.2...
PT-2025-39945
Name of the Vulnerable Software and Affected Versions Copypress Rest API plugin for WordPress versions 1.1 through 1.2 Description The Copypress Rest API plugin for WordPress is susceptible to Remote Code Execution through the copyreap handle image function. The plugin utilizes a hard-coded JWT...
CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...