29 matches found
EUVD-2018-13582
Malware in sbrugna...
EUVD-2025-19302
Malicious code in bioql PyPI...
EUVD-2023-46415
Malicious code in bioql PyPI...
EUVD-2025-28333
Malicious code in bioql PyPI...
EUVD-2024-30583
Malicious code in bioql PyPI...
EUVD-2023-40461
Malicious code in bioql PyPI...
PT-2025-39580
Name of the Vulnerable Software and Affected Versions Galaxy Weblinks Post Featured Video versions through 1.7 Description A Cross-Site Request Forgery issue exists in Galaxy Weblinks Post Featured Video. This allows for Cross Site Request Forgery attacks. Recommendations At the moment, there is ...
CVE-2025-58969
Missing Authorization vulnerability in Greg Winiarski Custom Login URL custom-login-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login URL: from n/a through = 1.0.2...
CVE-2025-58688
Cross-Site Request Forgery CSRF vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through = 2.1.4...
PT-2025-38836
Name of the Vulnerable Software and Affected Versions husani WP Subtitle versions through 3.4.1 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-Site Scripting XSS. This means that malicious code can be injected...
CVE-2025-49446
Cross-Site Request Forgery CSRF vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through = 1.1...
CVE-2025-47587 WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through = 2.6.4...
CVE-2025-39363
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a through 1.0.0...
PT-2025-17802 · Unknown · Tomontoast Drop Caps
Name of the Vulnerable Software and Affected Versions: tomontoast Drop Caps versions n/a through 2.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2025-17783 · Rahendra Putra K · Raphicon
Name of the Vulnerable Software and Affected Versions: Rahendra Putra K RAphicon versions n/a through 2.1.2 Description: The issue affects Rahendra Putra K RAphicon, allowing DOM-Based XSS due to improper neutralization of input during web page generation. This enables Cross-site Scripting attack...
CVE-2025-32266
Cross-Site Request Forgery CSRF vulnerability in wp-buy 404 Image Redirection Replace Broken Images broken-images-redirection allows Cross Site Request Forgery.This issue affects 404 Image Redirection Replace Broken Images: from n/a through = 1.4...
PT-2025-14703 · Unknown · Notfound Include-File
Name of the Vulnerable Software and Affected Versions: NotFound include-file versions n/a through 1 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in the NotFound include-file. This vulnerability...
PT-2025-14043
Name of the Vulnerable Software and Affected Versions Ays Pro Quiz Maker versions n/a through 6.6.8.7 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...
PT-2025-14193 · Xtreme · Planyo
Name of the Vulnerable Software and Affected Versions: xtreeme Planyo online reservation system versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...
CVE-2025-25165
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.This issue affects Staff Directory Plugin: Company Directory: from n/a through = 4.3...