
29 matches found

Tenable Nessus
added 2026/03/20 12:0 a.m. · 3 views

Pac4J JWT < 4.5.9 / 5.x < 5.7.9 / 6.x < 6.3.3 Authentication Bypass (CVE-2026-29000) (Direct Check)

Binary data pac4jjwtauthenticationbypasscve-2026-29000.nbin...

CVSS 9.3 · AI score 6.8 · EPSS 0.00039
Exploits 17 · References 6
CNNVD
added 2026/02/16 12:0 a.m. · 4 views

Live Server security vulnerability

Live Server is a local development server personally developed by Ritwick Dey. Version 5.7.9 of Live Server contains a security vulnerability, which stems from user interactions with specially crafted HTML pages, potentially leading to file leaks...

CVSS 4.3 · AI score 7.5 · EPSS 0.00051
Exploits 1 · References 3
Nuclei
added 2026/02/05 7:9 a.m. · 6 views

ProfileGrid <= 5.7.8 - SQL Injection

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...

CVSS 9.8 · AI score 8.6 · EPSS 0.14438
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-0634

Malware in sbrugna...

CVSS 3.5 · AI score 6.6 · EPSS 0.00143
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-1799

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00135
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-23644

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8.1 · EPSS 0.00553
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1619

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.00397
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 10:19 a.m. · 9 views

CVE-2024-32808

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9...

CVSS 8.8 · AI score 5.1 · EPSS 0.00043
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:2 a.m. · 5 views

CVE-2022-24873

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plug...

CVSS 6.1 · AI score 5.9 · EPSS 0.00397
Exploits 0 · References 1
CNNVD
added 2024/04/24 12:0 a.m. · 1 views

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 6.8 · EPSS 0.00043
Exploits 0 · References 2
CNNVD
added 2024/04/24 12:0 a.m. · 1 views

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 6.8 · EPSS 0.00179
Exploits 0 · References 2
Positive Technologies
added 2024/04/24 12:0 a.m. · 2 views

PT-2024-24882 · Unknown · Metagauss Profilegrid

Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions through 5.7.9 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions through 5.7.9,...

CVSS 8.8 · AI score 6.5 · EPSS 0.00043
Exploits 0 · References 4
Patchstack
added 2024/04/22 12:0 a.m. · 14 views

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b59bd9029de Credits Kyle Sanchez...

CVSS 8.8 · AI score 6.5 · EPSS 0.00179
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/04/22 12:0 a.m. · 16 views

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32808 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b60c26e035a2 Credits Kyle Sanchez...

CVSS 8.8 · AI score 6.5 · EPSS 0.00043
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/03/29 12:0 a.m. · 2 views

PT-2024-23429

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions through 5.7.9 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious...

CVSS 9.8 · AI score 7.3 · EPSS 0.18426
Exploits 0 · References 6
Patchstack
added 2024/03/28 12:0 a.m. · 5 views

WordPress WP Travel Engine Plugin <= 5.7.9 is vulnerable to SQL Injection

Software WP Travel Engine Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30502 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 275fbb9060ec Credits Yudistira Arya Required privilege...

CVSS 9.8 · AI score 6.8 · EPSS 0.18426
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/01/03 6:15 a.m. · 12 views

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...

CVSS 8.6 · AI score 7.6 · EPSS 0.00183
Exploits 0 · References 4
Cvelist
added 2024/01/03 5:31 a.m. · 12 views

CVE-2023-6600 OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...

CVSS 8.6 · AI score 7.5 · EPSS 0.00183
Exploits 0 · References 4
NVD
added 2023/06/07 8:15 a.m. · 10 views

CVE-2023-1388

A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable...

CVSS 8.1 · AI score 6.9 · EPSS 0.00553
Exploits 0 · References 1
Prion
added 2023/06/07 8:15 a.m. · 10 views

Command injection

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree...

CVSS 4.4 · AI score 7.7 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1