221 matches found
PT-2025-40620
Name of the Vulnerable Software and Affected Versions WordPress Cost Calculator Builder plugin versions through 3.5.32 Description The Cost Calculator Builder plugin for WordPress has a flaw that allows unauthorized data modification. A missing capability check in the get cc orders and update ord...
EUVD-2024-30326
Malicious code in bioql PyPI...
EUVD-2025-28780
Malicious code in bioql PyPI...
EUVD-2023-59670
Malicious code in bioql PyPI...
EUVD-2023-51425
Malicious code in bioql PyPI...
EUVD-2024-23232
Malicious code in bioql PyPI...
GHSA-P8HW-RFJG-689H
creationtimestamp| type| source ---|---|--- 2025-10-02 12:32:45+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115304586574138947...
GHSA-2JJV-QF24-VFM4
creationtimestamp| type| source ---|---|--- 2025-09-24 19:49:37+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115261005955876055...
wazuh
This repository is an issue template for Wazuh, a free and open-source platform for threat prevention, detection, and response. The repository contains various templates for reporting bugs, making feature requests, and testing integration and component tests. The templates are organized by...
CVE-2025-58049
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-58049
CVE-2025-58049 affects XWiki Platform components where PDF export jobs serialize request context, including cookies, into job status files. The root cause is unencrypted storage of user cookies (potentially exposing credentials) in the permanent data directory after a PDF export completes. Affect...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...
GHSA-9M7C-M33F-3429 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Impact The PDF export uses a background job that runs on the server-side. Jobs like this have a status that is serialized in the permanent directory when the job is finished. The job status includes the job request. The PDF export job request is initialized, before the job starts, with some conte...
MAL-2025-41469 Malicious code in @twork-data-services/checking-account-option-statuses (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-9526
creationtimestamp| type| source ---|---|--- 2025-08-27 13:09:13+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115100886714680020...
CVE-2025-29524
creationtimestamp| type| source ---|---|--- 2025-08-25 14:40:55+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115089922710164590...
CVE-2025-7221
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...
CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...
GHSA-HQR4-4GFC-5P2J
creationtimestamp| type| source ---|---|--- 2025-08-19 18:39:17+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115056886214495468...