239 matches found
EUVD-2020-24143
Malware in sbrugna...
EUVD-2019-17670
Malware in sbrugna...
EUVD-2025-27713
Malicious code in bioql PyPI...
EUVD-2025-11437
Malicious code in bioql PyPI...
EUVD-2023-57532
Malicious code in bioql PyPI...
EUVD-2025-21756
Malicious code in bioql PyPI...
EUVD-2025-24546
Malicious code in bioql PyPI...
EUVD-2025-29004
Malicious code in bioql PyPI...
CVE-2025-34205 Vasion Print (formerly PrinterLogic) Dangerous PHP Dead Code Enables RCE
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 VA and SaaS deployments contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php found in several containers...
CVE-2025-10050 Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2025-9874
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2018-1000875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutabl...
CVE-2025-8142
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2024-8393
CVE-2024-8393 / CVE-2024-8393 (Woocommerce Blocks – Woolook) affects the WordPress plugin “Woocommerce Blocks – Woolook” up to version 1.7.0. The underlying issue is a Local File Inclusion via the tab parameter, exploitable by authenticated users with Administrator-level access and above, potenti...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...
CVE-2025-8761
A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-6715
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2025-54453
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...