VulnCheck KEV: CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

CVE-2026-23796 Session Fixation in Quick.Cart

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

CVE-2025-69180 WordPress Ultra Portfolio plugin <= 6.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through = 6.7...

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVE-2025-67683

CVE-2025-67683 (Quick.Cart) is a reflected XSS vulnerability caused by the sSort parameter. The issue allows an attacker to craft a URL that, when opened by a victim, executes arbitrary JavaScript in the browser. Public references in the provided documents indicate that only version 6.7 was teste...

CVE-2021-22512

Cross-Site Request Forgery CSRF vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks...

CVE-2021-22513

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks...

CiviCRM 安全漏洞

CiviCRM is an open source, cloud-based member relationship management CRM system developed specifically to meet the needs of nonprofit and association-based organizations. A security vulnerability exists in CiviCRM versions prior to 6.7 that stems from the Accounting Batches field being vulnerabl...

EUVD-2019-13119

Malware in sbrugna...

EUVD-2019-13118

Malware in sbrugna...

EUVD-2018-10101

Malware in sbrugna...

EUVD-2006-7202

Malware in sbrugna...

EUVD-2019-13121

Malware in sbrugna...

EUVD-2022-3933

Malicious code in bioql PyPI...

CVE-2020-3955

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...

WordPress plugin ARMember Premium security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Minor update (7) for Vivaldi Desktop Browser 6.7

Download Vivaldi The following improvements were made since the sixth 6.7 minor update: Chromium Upgraded 124.0.6367.236 CVE-2024-5274: NB. Chromium updates may include security enhancements or fixes, crash fixes, or website compatibility updates. Main photo byRuarí Ødegaard...

DEBIAN-CVE-2024-25111

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...