21 matches found
EUVD-2020-27320
Malware in sbrugna...
EUVD-2019-9506
Malware in sbrugna...
EUVD-2025-5873
Malicious code in bioql PyPI...
EUVD-2022-41739
Malicious code in bioql PyPI...
EUVD-2022-52012
Malicious code in bioql PyPI...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2025-27415
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...
Nuxt allows DOS via cache poisoning with payload rendering response
Summary: By sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as https://mysite.com/?/payload.json which will be rendered as JSON. If the CDN ...
CVE-2025-27415
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...
CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...
CVE-2019-19915
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users with subscriber or greater access to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=epsredirectsave and /admin-ajax.php?action=epsredirectdelete actions. This coul...
BIT-MEDIAWIKI-2022-39194
An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
Improper access control
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4702 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfixroyalcompatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on...
CVE-2022-4700 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2020-6168
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting...
Cross site scripting
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting...