116 matches found
EUVD-2025-26237
Malicious code in bioql PyPI...
EUVD-2025-24738
Malicious code in bioql PyPI...
EUVD-2025-24739
Malicious code in bioql PyPI...
CVE-2025-53838
LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user's browser when the malicious link is clicked...
CVE-2025-53838 LinkAce has a Stored One Click XSS vulnerability
LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user's browser when the malicious link is clicked...
CVE-2025-9671 UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...
Linux Distros Unpatched Vulnerability : CVE-2021-41116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are...
WordPress IDonatePro plugin <= 2.1.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin IDonatePro versions <= 2.1.9...
CVE-2025-30639
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2.1.9...
CVE-2025-30635
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro idonate-pro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through <= 2.1.9...
CVE-2025-30639
CVE-2025-30639 is a Missing Authorization vulnerability affecting the WordPress plugin IDonatePro (ThemeAtelier) up to version 2.1.9. The available documents indicate an access control misconfiguration that could allow an attacker to access restricted functionality or data without proper authoriz...
CVE-2025-30639 WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2.1.9...
PT-2025-33160 · Unknown · Idonatepro
Name of the Vulnerable Software and Affected Versions: IDonatePro versions through 2.1.9 Description: IDonatePro is susceptible to a PHP Local File Inclusion due to improper control of filename for include/require statements. This allows for the inclusion of local files. Recommendations: Update...
WordPress plugin IDonatePro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-47524
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions...
CVE-2019-19833
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. Also, anonymous access can be achieved in applications that do not have a user login area...
CVE-2025-47448
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through <= 2.1.9...
CVE-2025-47448 WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through <= 2.1.9...