EUVD-2009-2574

Malware in sbrugna...

EUVD-2025-15789

Malicious code in bioql PyPI...

CVE-2025-32925

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through = 30.7.0...

CVE-2025-32925

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through 30.7.0...

CVE-2025-32925

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through = 30.7.0...

CVE-2025-32925 WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through = 30.7.0...

CVE-2025-32925

CVE-2025-32925 involves WordPress plugin SUMO Reward Points (FantasticPlugins) ≤ 30.7.0 and is a Local File Inclusion (LFI) due to improper filename control in PHP include/require. Public references in the provided material identify SUMO Reward Points for WooCommerce as affected, with versions up...

CVE-2025-32925 WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through = 30.7.0...

PT-2025-22087 · Fantasticplugins · Fantasticplugins Sumo Reward Points

Name of the Vulnerable Software and Affected Versions: FantasticPlugins SUMO Reward Points versions through 30.7.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Local Fi...

WordPress plugin SUMO Reward Points 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin SUMO Reward Points versions = 30.7.0...

General Motors suffers credential stuffing attack

American car manufacturer General Motors GM says it experienced a credential stuffing attack last month. During the attack customer information and reward points were stolen. The subject of the attack was an online platform, run by GM, to help owners of Chevrolet, Buick, GMC, and Cadillac vehicle...

The Changing Face of Loyalty Programs Amid and Post-COVID-19

COVID-19 has undoubtedly prompted the Hospitality and Travel industry into a new era of customer loyalty. Currently, "shelter in place" or similar nonessential travel bans are instituted by many countries and companies across the world. Once travel restrictions are lifted, there will be a...

Bug Bounty to Reward Researchers with Redeemable Points

IntegraXor, a manufacturer of supervisory control and data acquisition SCADA equipment, announced last week that it would implement a bug bounty program offering points redeemable for company services to researchers that disclose security vulnerabilities in their IGX SCADA system. In most bug...

CVE-2009-2579

SQL injection vulnerability in rewardpoints.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sortorder parameter in a rewardpoints.userlog action to index.php, a different vulnerability than CVE-2005-4429.2...

Sql injection

SQL injection vulnerability in rewardpoints.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sortorder parameter in a rewardpoints.userlog action to index.php, a different vulnerability than CVE-2005-4429.2...

CVE-2009-2579

SQL injection vulnerability in rewardpoints.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sortorder parameter in a rewardpoints.userlog action to index.php, a different vulnerability than CVE-2005-4429.2...

CVE-2009-2579

CS-Cart CVE-2009-2579 is a SQL injection in the reward_points.post.php script (reward_points addon) exploitable via the sort_order parameter in the reward_points.userlog flow. The advisory (Bonsai-2009-0100) indicates vulnerable versions