54 matches found
CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...
Exploit for CVE-2025-24000
CVE-2025-24000 — Post SMTP Privilege Escalation Exploit Ov...
CVE-2026-2694
The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'canedit' and 'candelete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with...
CVE-2024-39715
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...
GHSA-V3F3-RF6R-43X5 Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
EUVD-2020-29459
Malware in sbrugna...
EUVD-2021-24568
Malware in sbrugna...
EUVD-2021-22845
Malware in sbrugna...
EUVD-2025-6148
Malicious code in bioql PyPI...
EUVD-2024-34996
Malicious code in bioql PyPI...
EUVD-2024-16473
Malicious code in bioql PyPI...
EUVD-2022-52769
Malicious code in bioql PyPI...
EUVD-2022-51762
Malicious code in bioql PyPI...
EUVD-2025-17687
Malicious code in bioql PyPI...
EUVD-2024-47017
Malicious code in bioql PyPI...
EUVD-2024-16471
Malicious code in bioql PyPI...
EUVD-2022-33500
Malicious code in bioql PyPI...
CVE-2025-55739
api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...
CVE-2025-49584
XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default...
CVE-2025-49584
XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default...