EUVD-2022-41045
Malicious code in bioql PyPI...
EUVD-2023-28005
Malicious code in bioql PyPI...
EUVD-2022-52045
Malicious code in bioql PyPI...
EUVD-2023-12344
Malicious code in bioql PyPI...
EUVD-2025-23782
Malicious code in bioql PyPI...
EUVD-2024-2580
Malicious code in bioql PyPI...
EUVD-2023-12163
Malicious code in bioql PyPI...
EUVD-2023-12195
Malicious code in bioql PyPI...
PT-2025-27507
Name of the Vulnerable Software and Affected Versions: Opal Estate Pro – Property Management and Submission plugin for WordPress versions up to, and including, 1.7.5 Description: The issue is due to a lack of role restriction during registration in the on register user function, making it possible...
CVE-2025-49135 CVAT missing validation for in-progress backup upload names
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...
CVE-2025-49135
CVAT (open source CV annotation tool) versions 2.2.0–2.39.0 have a missing validation during the import of project/task backups, where the filename in the query parameter is not verified to refer to a TUS-uploaded file owned by the same user. An account with a user role who knows other users’ fil...
CVE-2024-0820
The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-3963
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2024-10473
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...
CVE-2023-0262
The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...
CVE-2023-0082
The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0062
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-3739
The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...
CVE-2022-4832
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4114
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks...