382 matches found
WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now JOAN versions = 6.0.4...
Malicious code in mahmoudtest (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72d145d1c87ce8ee88e57350f32db7041f4a990fa68d1cba09cf285ef03959a8 Any computer that has this package installed or running should be considered...
CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
CVE-2025-59844
The CVE-2025-59844 entry pertains to SonarQube Scan Action (GitHub Action). A command injection vulnerability exists in versions 4.0.0 through before 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This root cause allows arbitrar...
CVE-2025-60139
CVE-2025-60139 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin official-sendle-shipping-method (Sendle Shipping). It affects Sendle Shipping versions from n/a up to and including 6.02. The associated CVSS 3.1 metrics indicate a Medium risk (4.3) with network attack ve...
PT-2025-39662
Name of the Vulnerable Software and Affected Versions SonarQube versions prior to 6.0.0 Description A command injection issue exists in the SonarQube GitHub Action when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This bypasses a previou...
GO-2025-3976 Grafana-Zabbix ReDoS vulnerability in github.com/alexanderzobnin/grafana-zabbix
Grafana-Zabbix ReDoS vulnerability in github.com/alexanderzobnin/grafana-zabbix. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2025-57977
Cross-Site Request Forgery CSRF vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through = 6.0.13...
PT-2025-38303
Name of the Vulnerable Software and Affected Versions invokeai versions v6.0.0a1 and below Description A vulnerability allows attackers to perform path traversal and arbitrary file deletion. This is achieved via the GET /api/v1/images/download/bulk download item name endpoint by manipulating the...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation Upgrade...
Linux Distros Unpatched Vulnerability : CVE-2019-1010016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is:...
Arbitrary Code Injection
Overview pyinstaller is a package that bundles a Python application and all its dependencies into a single package Affected versions of this package are vulnerable to Arbitrary Code Injection in the bootstrap process. An attacker can achieve arbitrary code execution by placing malicious files or...
CVE-2025-59042
CVE-2025-59042 is a PyInstaller-related issue. In PyInstaller builds older than 6.0.0, the bootstrap process appends a special entry to sys.path and may load an optional bytecode-decryption module, enabling an unprivileged attacker to execute arbitrary Python code if they can place a file/dir nex...
CVE-2025-10059
Summary: A vulnerability in MongoDB where an improper setting of the lsid field on a sharded query can crash MongoDB routers. Root cause: mis-handling of a generic argument (lsid) when not applicable. Affected versions: MongoDB Server 6.0.x before 6.0.24; 7.0.x before 7.0.18; 8.0.x before 8.0.6. ...
Linux Distros Unpatched Vulnerability : CVE-2021-21441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Atta...
Linux Distros Unpatched Vulnerability : CVE-2025-3016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function...
SUSE-SU-2025:20626-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_11
This update for kernel-livepatch-MICRO-6-0-RTUpdate11 fixes the following issues: This is the initial livepatch for the Update 11 of the RT Kernel for SL Micro 6.0 and 6.1...
CVE-2025-50031 WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DB Backup: from n/a through = 6.0...
CVE-2025-50031
CVE-2025-50031 concerns the WordPress plugin DB Backup, specifically versions through 6.0. The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels, potentially enabling unauthorized access. According to Patchstack/...
WordPress plugin SMM API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...