CVE-2025-12961

The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...

EUVD-2024-50379

Malicious code in bioql PyPI...

CVE-2019-15744

The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyakisoftbank/keyakisoftbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app versionCode=1413005, versionName=1.3.0 that allows unauthoriz...

CVE-2023-3244

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal...

CVE-2019-15466

The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakuraindia/sakuraindia:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1715201812191721 that allows...

Code injection

The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...

CVE-2015-8361: Services exposed without authentication Vulnerability

Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port. Affected...