Lucene search

31 matches found

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2025-3980

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.00543
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-49621

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.01039
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-50765

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.6 | EPSS 0.00431
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-51014

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 8.7 | EPSS 0.00523
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-4289

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.02104
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-57579

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 7.5 | EPSS 0.00365
Exploits 1 | References 3

Cvelist
added 2025/07/11 7:22 a.m. | 6 views

CVE-2025-4593 WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rpuserdata' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

CVSS 6.5 | EPSS 0.00226
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 9:41 a.m. | 4 views

CVE-2024-1381

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...

CVSS 6.5 | AI score 6.4 | EPSS 0.00573
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:35 p.m. | 5 views

CVE-2020-36723

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

CVSS 5.3 | AI score 6.5 | EPSS 0.20694
Exploits 1 | References 1

Vulnrichment
added 2025/02/28 4:21 a.m. | 7 views

CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API. This makes it possible for unauthenticated attackers to extract sensitive data includin...

CVSS 5.3 | AI score 5.2 | EPSS 0.00206
Exploits 0 | References 3

Cvelist
added 2025/02/28 4:21 a.m. | 14 views

CVE-2024-13796 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/getusers REST API. This makes it possible for unauthenticated attackers to extract sensitive data includin...

CVSS 5.3 | EPSS 0.00206
Exploits 0 | References 3

RedhatCVE
added 2025/02/17 9:18 a.m. | 8 views

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

CVSS 6.5 | AI score 9.2 | EPSS 0.00113
Exploits 0 | References 1

RedhatCVE
added 2025/02/14 8:37 a.m. | 7 views

CVE-2024-12315

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in t...

CVSS 7.5 | AI score 9.2 | EPSS 0.00431
Exploits 0 | References 1

RedhatCVE
added 2025/02/08 4:42 a.m. | 7 views

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...

CVSS 7.5 | AI score 6.6 | EPSS 0.00543
Exploits 1 | References 1

RedhatCVE
added 2025/02/04 11:54 p.m. | 3 views

CVE-2024-13562

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...

CVSS 7.5 | AI score 7.3 | EPSS 0.00592
Exploits 0 | References 1

Vulnrichment
added 2023/10/19 5:34 a.m. | 10 views

CVE-2023-5254 AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

CVSS 5.3 | AI score 6.6 | EPSS 0.00365
Exploits 1 | References 3

Hacker One
added 2020/06/09 10:40 p.m. | 20 views

Open-Xchange: XSS on opening malicious OpenOffice presentation document

Title Opening a malicious OpenOffice presentation document may lead to cross site scripting XSS attacks Description When generating HTML content for drawings present in odp file, a div is generated by Drawing.java. The attribute target of this div is directly constructed from the field target...

AI score 0.4
Exploits 0

Node.js
added 2019/06/07 7:49 p.m. | 16 views

Malicious Package

Overview Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from yo...

AI score 7
Exploits 0 | Affected Software 1

Exploit DB
added 2019/04/18 12:0 a.m. | 30 views

ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module exploits sql and command injection vulnerability in the ManageEngine AM 14 and prior version...

AI score 7.4
Exploits 0

Node.js
added 2018/05/15 11:53 p.m. | 12 views

Malicious Package

Overview Version 1.0.5 of dictum.js contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.5 of this module is found installed y...

AI score 6.9
Exploits 0 | Affected Software 1