128 matches found
WordPress plugin Spin Wheel has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2023-49279
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...
EUVD-2025-199618
The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...
CVE-2025-63800
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the password and repeatpassword parameters empty in the password change request, the...
VulnCheck KEV: CVE-2021-4462
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
CVE-2025-11890
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payment's status through server-side validation through the /wc-api/bp-payeer-gateway-callback...
CVE-2025-60375
CVE-2025-60375 affects Perfex CRM versions prior to 3.3.1. The issue is an authentication bypass caused by insufficient server-side validation of login parameters, allowing an attacker to gain unauthorized access (including admin accounts) by submitting empty username and password values. Exploit...
CVE-2025-60375
The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...
EUVD-2020-17397
Malware in sbrugna...
EUVD-2020-7137
Malware in sbrugna...
EUVD-2020-17279
Malware in sbrugna...
EUVD-2015-2947
Malware in sbrugna...
EUVD-2014-5505
Malware in sbrugna...
EUVD-2020-7591
Malware in sbrugna...
EUVD-2024-22426
Malicious code in bioql PyPI...
EUVD-2021-8804
Malicious code in bioql PyPI...
EUVD-2025-13046
Malicious code in bioql PyPI...
EUVD-2024-38231
Malicious code in bioql PyPI...