204 matches found
CVE-2025-13408 Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...
CVE-2025-62866
Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery. This issue affects Auto Alt Text: from n/a through <= 2.5.2...
Chyrp Cross-Site Scripting Vulnerability
Chyrp is a lightweight blogging engine. A cross-site scripting vulnerability exists in Chyrp version 2.5.2, which originates from an authenticated user being able to inject malicious script into post titles, potentially leading to a stored cross-site scripting attack...
WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Auto Alt Text versions <= 2.5.2...
EUVD-2020-26459
Malware in sbrugna...
EUVD-2021-2474
Malware in sbrugna...
EUVD-2025-7861
Malicious code in bioql PyPI...
EUVD-2023-50045
Malicious code in bioql PyPI...
EUVD-2024-28412
Malicious code in bioql PyPI...
EUVD-2023-2185
Malicious code in bioql PyPI...
EUVD-2025-22485
Malicious code in bioql PyPI...
EulerOS Virtualization 2.13.1 : ppp (EulerOS-SA-2025-2187)
According to the versions of the ppp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. (CVE-2024-58250) Tenable has extracted the preceding description...
CVE-2025-9776
The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-9776
CVE-2025-9776 – CatFolders WordPress plugin (versions
WordPress plugin CatFolders SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2024-28188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Jupyter Scheduler is a collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users...
Huawei EulerOS: Security Advisory for ppp (EulerOS-SA-2025-1983)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-7745
Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2...
CVE-2025-5093
The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 uses the Swipebox library, which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress plugin DocsPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...