24 matches found
EUVD-2019-11300
Malware in sbrugna...
EUVD-2009-2030
Malware in sbrugna...
EUVD-2019-8006
Malware in sbrugna...
EUVD-2023-44660
Malicious code in bioql PyPI...
EUVD-2023-55161
Malicious code in bioql PyPI...
EUVD-2022-43330
Malicious code in bioql PyPI...
EUVD-2021-9102
Malicious code in bioql PyPI...
CVE-2025-54962
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...
CVE-2025-5529 Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-6061
The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-3898
CVE-2025-3898 affects Schneider Electric Modicon Controllers (M241/M251/M258/LMC058/M262). Affected components are in the Modicon Controllers’ web-facing/management interfaces where improper input validation allows an authenticated attacker to send HTTPS requests with invalid data (data types, ma...
CVE-2025-5103 Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'defaultprice' and 'productid' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2023-46170
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names...
CVE-2021-21877
Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...
CVE-2020-5297
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server...
CVE-2025-27617 Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue...
CVE-2024-39703
In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint...
CVE-2024-50358
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by authenticated users by restoring a tampered...
Missing Authorization
Mattermost is vulnerable to Missing Authorization. The vulnerability is due to a failure to check that the origin of the message in an integration action matches the original post metadata, which allows an authenticated user to delete an arbitrary post...
CVE-2024-27128 QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...