EUVD-2025-48940
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...
Combodo iTop Injection Vulnerability
Combodo iTop is a suite of open source web applications developed by French company Combodo based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. An injection vulnerability exists in Combodo iT...
PT-2025-46182
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13; Combodo iTop versions prior to 3.2.2. Description: Combodo iTop is a web-based IT service management tool. An administrator can execute code on the server by editing the configuration of the iTop instance in...
CVE-2025-11948 Excellent Infotek|Document Management System - Arbitrary File Upload
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
EUVD-2020-24143
Malware in sbrugna...
EUVD-2025-27713
Malicious code in bioql PyPI...
EUVD-2025-11437
Malicious code in bioql PyPI...
EUVD-2023-57532
Malicious code in bioql PyPI...
EUVD-2025-21756
Malicious code in bioql PyPI...
EUVD-2025-24546
Malicious code in bioql PyPI...
EUVD-2025-29004
Malicious code in bioql PyPI...
CVE-2025-10050 Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2025-9874
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-8142
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2024-8393
CVE-2024-8393 (Woocommerce Blocks – Woolook) affects the WordPress plugin “Woocommerce Blocks – Woolook” up to version 1.7.0. The underlying issue is a Local File Inclusion via the tab parameter, exploitable by authenticated users with Administrator-level access and above, potenti...
CVE-2025-9060
CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...
CVE-2025-6715
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2025-47867
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations...