24 matches found
EUVD-2020-16571
Malware in sbrugna...
EUVD-2018-14999
Malware in sbrugna...
EUVD-2021-21341
Malware in sbrugna...
EUVD-2022-5089
Malicious code in bioql PyPI...
EUVD-2023-24323
Malicious code in bioql PyPI...
EUVD-2024-15956
Malicious code in bioql PyPI...
EUVD-2024-33329
Malicious code in bioql PyPI...
EUVD-2024-23311
Malicious code in bioql PyPI...
CVE-2025-51628
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter...
WordPress Ruza Theme <= 1.0.7 is vulnerable to Local File Inclusion
Software: Ruza; Type: Theme; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49255; Patch priority: High; CVSS severity: High (8.1); PSID: 6bd5103cfe41; Credits: Phat RiO - BlueRock; Required privilege...
CVE-2024-12222
The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfwbulklabelurl’ parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2020-9107
HUAWEI P30 Pro versions earlier than 10.1.0.160C00E160R2P8 have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be...
WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Year Make Model Search for WooCommerce versions <= 1.0.11...
CVE-2025-43005
CVE-2025-43005 affects SAP GUI for Windows via insecure obfuscation in GuiXT for storing credentials. This can lead to information disclosure with Low confidentiality impact. The issue is exploitable by an unauthenticated attacker and is classified with a Local attack vector and No privileges req...
CVE-2025-29650
...
WordPress Contact Form by Supsystic plugin <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action vulnerability discovered by Tim Coen in WordPress Plugin Contact Form by Supsystic versions <= 1.7.29...
CVE-2024-8984
The CVE-2024-8984 entry describes a Denial of Service vulnerability in berriai/litellm v1.44.5 caused by improper handling of multipart HTTP boundaries. An attacker can append characters to the boundary, triggering unbounded resource consumption and service unavailability. The issue is unauthenti...
CVE-2024-13827
The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for...
CVE-2015-10123
An unauthenticated remote attacker could send specifically crafted packets to an affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device...
CVE-2024-50319
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service...