PT-2026-39460

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib worker loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure...

EUVD-2025-2831

Malicious code in bioql PyPI...

EUVD-2025-9253

Malicious code in bioql PyPI...

CVE-2025-49968

Cross-Site Request Forgery CSRF vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery.This issue affects XML Travel Portal Widget: from n/a through = 2.0...

CVE-2025-23549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agora32 Maniac SEO maniac-seo allows Reflected XSS.This issue affects Maniac SEO: from n/a through = 2.0...

CVE-2024-52421

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through = 2.0...

Lokomedia CMS - 'sukaCMS' Local File Disclosure

Software Link: http://bukulokomedia.com Version: 2.0 Tested on: all OS + Title : Local File Disclosure Vulnerability Lokomedia CMS sukaCMS + Vendor : http://bukulokomedia.com + Discovered : vir0e5 a.k.a banditc0de + Contact : vir0e5athackermaildotcom + Site : http://vir0e5.blogspot.com + DorK :...

Fez 1.32.0 RC1 - list.php SQL Injection

Fez 1.32.0 RC1 - list.php SQL Injection ------------------------------------------------------------------------------ Fez software Version 1.3 AND 2.0 RC1 list.php - SQL Injection Vulnerability http://sourceforge.net/projects/fez About:- Fez is an open source project to produce and maintain a...