39 matches found
EUVD-2018-18904
Malware in sbrugna...
EUVD-2024-22372
Malicious code in bioql PyPI...
WordPress Brave Conversion Engine (PRO) plugin <= 0.7.7 - Authentication Bypass to Administrator vulnerability
Authentication Bypass to Administrator vulnerability discovered by Thái An in WordPress Plugin Brave Conversion Engine PRO versions <= 0.7.7...
Advisory ROSA-SA-2025-2914
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-7 affected versions tomcat-9.0.37-7 CVE-ID: CVE-2024-38286 BDU-ID: 2024-07738 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Tomcat application server TLS protocol implementation is associated with uncontrolled...
WordPress SEO Metrics plugin <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin SEO Metrics versions <= 1.0.15...
WordPress BerqWP plugin <= 2.2.42 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin BerqWP versions <= 2.2.42...
WordPress GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin <= 2.8.97 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin GeoDirectory versions <= 2.8.97...
WordPress CSS & JavaScript Toolbox plugin < 12.0.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Martin Herancourt in WordPress Plugin CSS & JavaScript Toolbox versions < 12.0.3...
WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Support Board versions <= 3.8.0...
WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability
WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Plugin Mediabay - WordPress Media Library Folders versions <= 1.4...
WordPress URL Shortener <= 3.0.7 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions <= 3.0.7...
WordPress ProfileGrid plugin <= 5.9.5.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ProfileGrid versions <= 5.9.5.2...
WordPress Short URL plugin <= 1.6.8 - Subscriber+ SQLi vulnerability
Subscriber+ SQLi vulnerability discovered by Dao Xuan Hieu in WordPress Plugin Short URL versions <= 1.6.8...
WordPress WPGYM plugin <= 65.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin WPGYM versions <= 65.0...
WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Pipes versions <= 1.4.3...
WordPress GoZen Forms plugin <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm() vulnerability
Unauthenticated SQL Injection via dirGZActiveForm vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin GoZen Forms versions <= 1.1.5...
WordPress Easy Video Player Wordpress & WooCommerce Theme <= 10.0 is vulnerable to Arbitrary File Download
Software Easy Video Player Wordpress & WooCommerce Type Theme Vulnerable versions <= 10.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Download CVE CVE-2025-28955 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 646c16d60f12 Credits 0xd4rk5id3...
WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability
WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin PrivateContent - Mail Actions versions <= 2.3.2...
WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability
Privilege Escalation via SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin Click & Pledge Connect versions <= 25.04010101-WP6.8...
WordPress TinySalt Theme < 3.10.0 is vulnerable to PHP Object Injection
Software TinySalt Type Theme Vulnerable versions < 3.10.0 Fixed in 3.10.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49455 Patch priority High CVSS severity High 9.8 Developer LoftOcean PSID 832baca8d9fd Credits Bonds Required privilege Unauthenticated Published 9...