321 matches found
CVE-2025-62614 BookLore Media API Authentication Bypass
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...
PT-2025-43409
Name of the Vulnerable Software and Affected Versions: BookLore versions 1.8.1 and prior. Description: BookLore is a self-hosted web app for managing book collections. Versions prior to a recent update have an authentication bypass issue in the BookMediaController. This allows unauthenticated users ...
CVE-2025-11176
CVE-2025-11176 affects the WordPress plugin “Quick Featured Images” (versions up to 13.7.2). The vulnerability is an Insecure Direct Object Reference (IDOR) in the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions caused by missing validation of a user-controlled key. This allows authentica...
EUVD-2025-34513
The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user-controlled key. This makes it possible for authenticated...
EUVD-2018-17816
Malware in sbrugna...
EUVD-2006-6230
Malware in sbrugna...
EUVD-2025-19344
Malicious code in bioql PyPI...
EUVD-2023-53759
Malicious code in bioql PyPI...
EUVD-2025-7939
Malicious code in bioql PyPI...
EUVD-2022-42352
Malicious code in bioql PyPI...
EUVD-2022-42353
Malicious code in bioql PyPI...
EUVD-2021-28274
Malicious code in bioql PyPI...
EUVD-2023-51391
Malicious code in bioql PyPI...
EUVD-2025-14734
Malicious code in bioql PyPI...
EUVD-2023-56892
Malicious code in bioql PyPI...
EUVD-2025-31292
Malicious code in bioql PyPI...
EUVD-2025-8813
Malicious code in bioql PyPI...
EUVD-2025-2204
Malicious code in bioql PyPI...
CVE-2025-60108
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...
WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability
WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Banner with Thumbnails versions <= 3.8...