
39 matches found

Nuclei
added 17 hours ago, 27 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

CVSS 8.6, AI score 7.4, EPSS 0.53034
Exploits 0, References 3

RedhatCVE
added 2025/11/20 9:36 p.m., 3 views

CVE-2025-65095

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVSS 9.4, AI score 6.1, EPSS 0.0006
Exploits 0, References 1

NVD
added 2025/11/19 6:15 p.m., 5 views

CVE-2025-65095

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVSS 9.4, EPSS 0.0006
Exploits 0, References 4

EUVD
added 2025/11/19 5:38 p.m., 2 views

EUVD-2025-198237

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVSS 9.4, AI score 5.6, EPSS 0.0006
Exploits 0, References 4

Cvelist
added 2025/11/19 5:38 p.m., 9 views

CVE-2025-65095 Lookyloo is vulnerable due to improper user input sanitization

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVSS 9.4, EPSS 0.0006
Exploits 0, References 4

Vulnrichment
added 2025/11/19 5:38 p.m., 2 views

CVE-2025-65095 Lookyloo is vulnerable due to improper user input sanitization

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVSS 9.4, AI score 5.7, EPSS 0.0006
Exploits 0, References 4

OSV
added 2025/11/19 5:38 p.m., 2 views

CVE-2025-65095 Lookyloo is vulnerable due to improper user input sanitization

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVSS 9.4, AI score 6.1, EPSS 0.0006
Exploits 0, References 6

CVE
added 2025/11/19 5:38 p.m., 9 views

CVE-2025-65095

CVE-2025-65095 affects Lookyloo (web interface for capturing pages and displaying a domain-call tree). The vulnerability is a cross-site scripting issue originating from insufficient input sanitization on the index and tree pages in versions prior to 1.35.1. Exploitation details are not provided ...

CVSS 9.4, AI score 5.8, EPSS 0.0006
Exploits 0, References 4

Positive Technologies
added 2025/11/19 12:0 a.m., 2 views

PT-2025-47512

Name of the Vulnerable Software and Affected Versions: Lookyloo versions prior to 1.35.1. Description: Lookyloo, a web interface for capturing website pages and displaying domain call trees, contains a potential cross-site scripting issue on the index and tree pages. This allows for full DOM takeove...

CVSS 9.4, AI score 6, EPSS 0.0006
Exploits 0, References 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-23146

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00468
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-23150

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0086
Exploits 1, References 8

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-30620

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.5, EPSS 0.00041
Exploits 0, References 2

NVD
added 2025/09/22 7:16 p.m., 2 views

CVE-2025-58007

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data. This issue affects Hubbub Lite: from n/a through = 1.35.2...

CVSS 4.3, EPSS 0.00041
Exploits 0, References 1

CVE
added 2025/09/22 6:24 p.m., 5 views

CVE-2025-58007

Technical details (affected product, version, root cause, impact, fixes) are not provided in the connected documents. Public details about CVE-2025-58007 are not present in the supplied material. Monitor for updates from vendors/security advisories.

CVSS 4.3, AI score 5.9, EPSS 0.00041
Exploits 0, References 1

Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-38857

Name of the Vulnerable Software and Affected Versions: NerdPress Social Pug versions through 1.35.1. Description: A flaw exists in NerdPress Social Pug that allows the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere...

CVSS 4.3, AI score 6.2, EPSS 0.00041
Exploits 0, References 3

OSV
added 2025/09/15 4:46 p.m., 1 view

GHSA-G9VW-6PVX-7GMW Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary: A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory. Details: The vulnerability exists in Envoy's Dynamic Forward Proxy...

CVSS 7.5, AI score 6.8, EPSS 0.00014
Exploits 0, References 5

Tenable Nessus
added 2025/08/15 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-35480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.1. Missing users accounts that don't exist and hidden users accounts that have been explicitly hidden due to...

CVSS 5.3, AI score 6.5, EPSS 0.00344
Exploits 0, References 2

RedhatCVE
added 2025/05/23 8:14 a.m., 1 view

CVE-2024-9351

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'createmodule' function. This makes it possible f...

CVSS 4.3, AI score 5.2, EPSS 0.00128
Exploits 0, References 1

Patchstack
added 2024/10/28 7:57 a.m., 3 views

WordPress Forminator plugin <= 1.35.1 - Missing Authorization to Authenticated Form Update and Creation vulnerability

Missing Authorization to Authenticated Form Update and Creation vulnerability discovered by wesley wcraft in WordPress Plugin Forminator versions <= 1.35.1...

CVSS 8.8, AI score 7, EPSS 0.00379
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/10/26 12:0 a.m., 2 views

WordPress plugin Forminator Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8, AI score 6.6, EPSS 0.00379
Exploits 0, References 2