117 matches found
PT-2025-44936
Name of the Vulnerable Software and Affected Versions EM Beer Manager plugin for WordPress versions through 3.2.3 Description The EM Beer Manager plugin for WordPress is susceptible to arbitrary file upload, potentially leading to remote code execution. This is a result of inadequate file type...
CVE-2025-34298
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...
CVE-2025-34298
Nagios Log Server (prior to 2024R1.3.2) contains a privilege escalation in the account email-change workflow. An attacker could set their own email to an invalid value, and due to insufficient validation and authorization checks tied to email identity state, trigger an inconsistent account state ...
PT-2025-44206
Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103 Description A crafted packet, based on public documentation, can be sent to the device. Normally, the device should reject packets with arbitrary or trivial data in certain fields. However, due to...
WordPress AP Background plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress AP Background plugin, which stems from a lack of authorization and insufficient file validation in the...
EUVD-2024-54919
Malicious code in bioql PyPI...
CVE-2025-9561
The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...
PT-2025-38254
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly is a P2P-based file distribution and image acceleration system susceptible to a server-side request forgery SSRF vulnerability. This flaw allows users to force Dragonfly2’s components to...
WordPress plugin WP-Members Membership Plugin 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exist...
WordPress BetPress plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress BetPress plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming...
CVE-2024-9648
The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...
CVE-2024-9648 WP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload
The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...
EUVD-2025-25255
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...
WordPress plugin Amazon Products to WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Amazon Products to WooCommerce plugin that stems from insufficient validation of the function wcta2wgeturls, which can be...
VulnCheck KEV: CVE-2025-3515
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist...
Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. The Traffic Offense Reporting System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker cou...
SAP Learning Solution 跨站请求伪造漏洞
SAP Learning Solution is an enterprise-wide learning management system from SAP. SAP Learning Solution suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could explo...
CVE-2024-42200
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting XSS attack, due to a potentially weak validation of user input...
PT-2025-16376 · Hcl · Hcl Bigfix Web Reports
Name of the Vulnerable Software and Affected Versions: HCL BigFix Web Reports affected versions not specified Description: The issue is related to a potentially weak validation of user input, which might make HCL BigFix Web Reports subject to a Stored Cross-Site Scripting XSS attack...
The vulnerability of the modTMSM component in the Trend Micro Apex Central security monitoring and management tool allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the modTMSM component in the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...