Combodo iTop 注入漏洞

Combodo iTop is a suite of open source web applications developed by French company Combodo based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. An injection vulnerability exists in Combodo iT...

CVE-2025-11948 Excellent Infotek｜Document Management System - Arbitrary File Upload

Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

EUVD-2020-24143

Malware in sbrugna...

EUVD-2025-29004

Malicious code in bioql PyPI...

EUVD-2025-21756

Malicious code in bioql PyPI...

EUVD-2025-24546

Malicious code in bioql PyPI...

EUVD-2023-57532

Malicious code in bioql PyPI...

EUVD-2025-11437

Malicious code in bioql PyPI...

EUVD-2025-27713

Malicious code in bioql PyPI...

CVE-2025-10050 Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion

The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVE-2025-9874

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

CVE-2025-8142

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

CVE-2024-8393

CVE-2024-8393 / CVE-2024-8393 (Woocommerce Blocks – Woolook) affects the WordPress plugin “Woocommerce Blocks – Woolook” up to version 1.7.0. The underlying issue is a Local File Inclusion via the tab parameter, exploitable by authenticated users with Administrator-level access and above, potenti...

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

CVE-2025-9060

CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...

CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2025-47867

A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations...

CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the attribute, which leads to cross-site scripting XSS by loading an attacker's UserJS inside . In order to execute the attack, the attacker needs to control one of the victim's feeds and...

CVE-2023-29527

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add groovy script content. Viewing the document after...