EUVD-2025-28052

Malicious code in bioql PyPI...

EUVD-2022-2163

Malicious code in bioql PyPI...

CVE-2025-59940

mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...

CVE-2025-59940 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders

mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...

CVE-2025-59940

mkdocs-include-markdown-plugin (MkDocs) is affected in versions 7.1.7 and earlier due to unvalidated input colliding with substitution placeholders. The issue is resolved in version 7.1.8. Fedora advisories reference the same CVE-2025-59940 remediation. Impact details in the provided documents in...

Security Bulletin: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.7 SP2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.7 SP2 are available to download from Cloudera and IBM. Vulnerability Details CVEID:CVE-2017-7657 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked...

WordPress Total processing card payments for WooCommerce plugin <= 7.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Nomupay Payment Processing Gateway versions = 7.1.6...

CVE-2024-7422

CVE-2024-7422 (Theme My Login for WordPress) is a CSRF vulnerability in the Theme My Login plugin that affects multi-site WordPress installations. It arises from missing or incorrect nonce validation in the tml_admin_save_ms_settings() function, enabling an unauthenticated attacker to forge a req...

CVE-2024-1534

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-50167

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content...

CVE-2023-50167

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content...

CVE-2023-50167

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content...

CVE-2023-2907

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605...

mPDF Unsafe Deserialization

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim...

WordPress Donorbox plugin <= 7.1.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Hassan Khan Yusufzai Splint3r7 in the WordPress Donorbox plugin versions = 7.1.6. Solution Update the WordPress Donorbox plugin to the latest available version at least 7.1.7...

CVE-2019-1000005

CVE-2019-1000005 affects mPDF up to version 7.1.7, where Image/ImageProcessor.getImage() is vulnerable to CWE-502 deserialization of untrusted data via phar:// crafted images, enabling arbitrary code execution or file write. The attack requires hosting a crafted image on the victim server and tri...

UBUNTU-CVE-2017-12933

The finishnesteddata function in ext/standard/varunserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

Fedora 26 : php (2017-b8bb4b86e2)

PHP version 7.1.7 06 Jul 2017 Core: - Fixed bug php74738 Multiple PATH= and HOST= sections not properly parsed. Manuel Mausz - Fixed bug php74658 Undefined constants in array properties result in broken properties. Laruence - Fixed misparsing of abstract unix domain socket names. Sara - Fixed bug...

PHP < 5.6.31, 7.0.x < 7.0.21, 7.1.x < 7.1.7 Multiple Vulnerabilities (Jul 2017) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Apple Safari Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...