EUVD-2026-38605

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...

Astra Linux – Vulnerability in curl

There is an information disclosure vulnerability in curl v8.1.0 when performing HTTPS transfers. libcurl may incorrectly use the read callback CURLOPTREADFUNCTION to request data to be sent, even when the CURLOPTPOSTFIELDS option is set. This occurs if the same handle was previously used to issue...

CVE-2026-10806 mjperpinosa stumasy add_post.php unrestricted upload

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

EUVD-2026-34252

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

stumasy 代码问题漏洞

Stumasy is a student performance management and analysis system developed by Marejean Chernyak. Stumasy has code vulnerabilities; these vulnerabilities arise from an unknown function in the application/PHP/objects/updates/addpost.php file, which allows unlimited uploads due to improper handling o...

JLSEC-2026-396

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

JLSEC-2026-410

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

CVE-2025-23878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Reilly Post-to-Post Links easy-post-to-post-links allows Stored XSS.This issue affects Post-to-Post Links: from n/a through = 4.2...

Siemens Ruggedcom ROX Missing Encryption of Sensitive Data (CVE-2023-28322)

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

CVE-2025-65229

creationtimestamp| type| source ---|---|--- 2025-12-08 23:19:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7j662xtup2s...

Siemens SIMATIC S7-1500 Expected Behavior Violation (CVE-2022-32221)

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

EUVD-2024-52548

Malicious code in bioql PyPI...

EUVD-2025-3499

Malicious code in bioql PyPI...

WordPress plugin PDF 2 Post 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

CVE-2024-54428

Cross-Site Request Forgery CSRF vulnerability in onigetoc Add image to Post add-image-to-post allows Stored XSS.This issue affects Add image to Post: from n/a through = 0.6...

WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tri Doan in WordPress Plugin Link to URL / Post versions = 1.3...

CVE-2025-23878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scott Reilly Post-to-Post Links easy-post-to-post-links allows Stored XSS.This issue affects Post-to-Post Links: from n/a through = 4.2...

WordPress Post-to-Post Links plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Pham Van Tam in WordPress Plugin Post-to-Post Links versions = 4.2...

WordPress plugin Post-to-Post Links 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-54428

Cross-Site Request Forgery CSRF vulnerability in onigetoc Add image to Post add-image-to-post allows Stored XSS.This issue affects Add image to Post: from n/a through = 0.6...