WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability

Unauthenticated Arbitrary File Move via regenerateuploadfilekeys vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin MW WP Form versions = 5.1.1...

CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

CVE-2026-23549

CVE-2026-23549 is a PHP Object Injection (deserialization) vulnerability in the WordPress plugin WpEvently mage-eventpress (affected:

PT-2026-20666

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.1.1...

CVE-2026-24942 WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through = 5.1.1...

CVE-2021-22875

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter...

CVE-2020-36921

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

RED-V Super Digital Signage System 安全漏洞

RED-V Super Digital Signage System is a digital signage system from RED-V, Italy. A security vulnerability exists in RED-V Super Digital Signage System version 5.1.1, which stems from the presence of an information disclosure vulnerability that could lead to unauthenticated access to sensitive we...

Security update 5.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot was updated from version 0.1 to version 1.0.0: Version 1.0.0 bugs fixed: Reboot on salt key timeout bsc1237495 Fixed parsing files with space in the name bsc1252100 golang-github-prometheus-alertmanager was updated from version 0.26.0 to...

EUVD-2020-18394

Malware in sbrugna...

EUVD-2020-7166

Malware in sbrugna...

EUVD-2017-4751

Malware in sbrugna...

EUVD-2023-58274

Malicious code in bioql PyPI...

EUVD-2025-30569

Malicious code in bioql PyPI...

EUVD-2025-7807

Malicious code in bioql PyPI...

CVE-2025-58260

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS.This issue affects Highlight and Share: from n/a through = 5.1.1...

CVE-2025-53583

Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection.This issue affects Employee Spotlight: from n/a through = 5.1.1...

CVE-2025-53583

CVE-2025-53583 affects the WordPress Employee Spotlight plugin (versions n/a–5.1.1). It is a PHP Object Injection vulnerability caused by deserialization of untrusted data in Employee Spotlight. The entry is marked as Patched; remediation is to upgrade to a fixed version (≥5.1.1 or later) where t...

CVE-2024-38766

Cross-Site Request Forgery CSRF vulnerability in matomoteam Matomo Analytics matomo allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through = 5.1.1...

CVE-2024-47298

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through = 5.1.1...