pyLoad Security Vulnerability
pyLoad is an open-source download manager written in Python. Versions of pyLoad from 0.4.0 to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API endpoint, which allowed users with non-administrator SETTINGS privileges to modify any...
CVE-2026-1978
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
CVE-2024-41255
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
PT-2025-47262
Name of the Vulnerable Software and Affected Versions: Top Friends plugin for WordPress versions prior to 0.4. Description: The Top Friends plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the top friends options subpanel...
CVE-2025-64149
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Publish to Bitbucket Plugin Security Vulnerability
Jenkins Publish to Bitbucket Plugin is an automated publishing plugin for Jenkins open source. A security vulnerability exists in Jenkins Publish to Bitbucket Plugin version 0.4 and earlier, which stems from vulnerability to a cross-site request forgery attack that could lead to the capture of...
PT-2025-44298
Name of the Vulnerable Software and Affected Versions: Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier. Description: A cross-site request forgery (CSRF) flaw exists in the Jenkins Publish to Bitbucket Plugin. This issue allows attackers to connect to a URL specified by the attacker,...
EUVD-2019-2050
Malware in sbrugna...
EUVD-2025-10630
Malicious code in bioql PyPI...
CVE-2025-7828
CVE-2025-7828 affects the WordPress plugin WP Filter & Combine RSS Feeds (versions up to 0.4). Root cause: missing capability check in post_listing_page(), allowing authenticated attackers with Contributor-level access and above to delete feeds (unauthorized modification of data). Public details ...
CVE-2025-7828 WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-4356
The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2021-31155
Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command...
CVE-2019-1010316
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4...
CVE-2025-31388
Cross-Site Request Forgery (CSRF) vulnerability in doa The World the-world allows Stored XSS. This issue affects The World: from n/a through <= 0.4...
CVE-2024-53719
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation zajax-ajax-navigation allows Stored XSS. This issue affects Zajax – Ajax Navigation: from n/a through <= 0.4...
CVE-2024-13366 Sandbox <= 0.4 - Reflected Cross-Site Scripting
The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PT-2025-2134 · WordPress · Sandbox
Name of the Vulnerable Software and Affected Versions: Sandbox plugin for WordPress versions up to and including 0.4 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through the...
WordPress Sandbox plugin <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download vulnerability
Missing Authorization to Authenticated (Subscriber+) Sandbox Download vulnerability discovered by Stiofan in WordPress Theme Sandbox versions <= 0.4...