53 matches found
CVE-2026-25442
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha kentha allows Reflected XSS. This issue affects Kentha: from n/a through 4.7.2...
CVE-2026-33417 Wallos: Password Reset Tokens Never Expire
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Wallos versions prior to 4.7.2 contain a code-level vulnerability: the password reset token never expires, so an attacker can use it at any time after intercepting the...
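The two Wallos entries above describe the same defect: a creation timestamp is stored next to the reset token but the validation path never reads it, so a captured token stays usable indefinitely. The following is an added illustration of that pattern and its fix, not Wallos' own code; the table and column names (password_resets, token, created_at), the one-hour lifetime and the single-use behaviour are assumptions made for the example.

```python
import hmac
import secrets
import sqlite3

# Assumed lifetime for a reset token; the real value is a policy choice.
TOKEN_TTL_SECONDS = 3600


def open_db():
    """In-memory stand-in for the application database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE password_resets (user_id INTEGER, token TEXT, created_at INTEGER)"
    )
    return db


def issue_token(db, user_id, now):
    """Create a fresh reset token and record when it was issued."""
    token = secrets.token_urlsafe(32)
    db.execute(
        "INSERT INTO password_resets VALUES (?, ?, ?)", (user_id, token, now)
    )
    return token


def validate_vulnerable(db, user_id, token):
    """Vulnerable pattern: created_at is stored but never consulted."""
    row = db.execute(
        "SELECT token FROM password_resets WHERE user_id = ?", (user_id,)
    ).fetchone()
    return row is not None and hmac.compare_digest(row[0], token)


def validate_fixed(db, user_id, token, now, ttl=TOKEN_TTL_SECONDS):
    """Hardened check: reject expired tokens, compare in constant time,
    and consume the token on success so it cannot be replayed."""
    row = db.execute(
        "SELECT token, created_at FROM password_resets WHERE user_id = ?",
        (user_id,),
    ).fetchone()
    if row is None:
        return False
    stored, created_at = row
    if now - created_at > ttl:
        # Stale token: drop it so it can never be used.
        db.execute("DELETE FROM password_resets WHERE user_id = ?", (user_id,))
        return False
    if not hmac.compare_digest(stored, token):
        return False
    # Single use: a token that has reset a password must not work twice.
    db.execute("DELETE FROM password_resets WHERE user_id = ?", (user_id,))
    return True


def demo():
    """Constructed scenario: a token captured today and replayed a month later."""
    db = open_db()
    t0 = 1_700_000_000
    stale = issue_token(db, 1, t0)
    a_month_later = t0 + 30 * 24 * 3600
    results = {
        "vulnerable_accepts_stale": validate_vulnerable(db, 1, stale),
        "fixed_rejects_stale": validate_fixed(db, 1, stale, a_month_later),
    }
    fresh = issue_token(db, 1, a_month_later)
    results["fixed_accepts_fresh"] = validate_fixed(db, 1, fresh, a_month_later + 60)
    results["fixed_single_use"] = validate_fixed(db, 1, fresh, a_month_later + 120)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The expiry check is deliberately done on the server's clock against the stored timestamp rather than trusting anything in the token itself; the constant-time comparison and the delete-on-use are the two other checks a reviewer would expect to see next to it.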
WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kentha versions <= 4.7.2...
CVE-2025-69093
Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopMagic: from n/a through 4.7.2...
PT-2025-53920
Name of the Vulnerable Software and Affected Versions: wpdesk ShopMagic versions through 4.7.2. Description: An authorization issue exists in wpdesk ShopMagic shopmagic-for-woocommerce, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update wpdesk...
CVE-2025-67717 Zitadel Discloses the Total Number of Instance Users
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the tot...
EUVD-2017-7938
Malware in sbrugna...
EUVD-2023-12531
Malicious code in bioql PyPI...
EUVD-2025-16585
Malicious code in bioql PyPI...
EUVD-2024-23204
Malicious code in bioql PyPI...
EUVD-2022-28793
Malicious code in bioql PyPI...
EUVD-2025-16584
Malicious code in bioql PyPI...
CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2024-32038
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh...
WordPress GD bbPress Attachments plugin <= 4.7.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin GD bbPress Attachments versions <= 4.7.2...
CVE-2024-37316
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...
PT-2024-27473 · Nextcloud · Nextcloud Calendar
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar versions prior to 4.6.8; Nextcloud Calendar versions prior to 4.7.2. Description: The issue allows authenticated users to create an event with manipulated attachment data, leading to a bad redirect for participants when...