23 matches found
EUVD-2015-3043
Malware in sbrugna...
EUVD-2012-5975
Malware in sbrugna...
EUVD-2011-4234
Malware in sbrugna...
EUVD-2022-52071
Malicious code in bioql PyPI...
EUVD-2022-3244
Malicious code in bioql PyPI...
EUVD-2023-58214
Malicious code in bioql PyPI...
EUVD-2025-7357
Malicious code in bioql PyPI...
EUVD-2023-12340
Malicious code in bioql PyPI...
EUVD-2022-2053
Malicious code in bioql PyPI...
EUVD-2023-12438
Malicious code in bioql PyPI...
CVE-2025-5117
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the propertypackageuserrole metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their...
CVE-2024-5627
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2022-4627
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...
CVE-2022-4458
The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2021-24781
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...
Linux Distros Unpatched Vulnerability : CVE-2023-22462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a...
CVE-2024-28100
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
CVE-2024-2762
The FooGallery WordPress plugin before 2.4.15 and the foogallery-premium WordPress plugin before 2.4.15 do not validate and escape some of their Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
CVE-2022-4578 Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS
The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...