Exploit for Code Injection in Canto

Metersploit exploit module canto RCE CVE-2024-25096 This is a...

CVE-2025-67971 WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...

CVE-2026-0832

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...

MiracleLinux 4 : icedtea-web-1.2.3-2.0.1.AXS4 (AXSA:2013-414:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2013-414:02 advisory. The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start originally based on the Netx project and a settings...

CVE-2023-4689

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

EUVD-2012-3393

Malware in sbrugna...

EUVD-2013-1921

Malware in sbrugna...

EUVD-2013-1920

Malware in sbrugna...

EUVD-2012-3392

Malware in sbrugna...

EUVD-2022-40678

Malicious code in bioql PyPI...

EUVD-2022-45084

Malicious code in bioql PyPI...

WordPress plugin Directory Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

MAL-2025-43524 Malicious code in astro-sagitta-exobiology-html-webpack-plugin (npm)

The package astro-sagitta-exobiology-html-webpack-plugin was found to contain malicious code...

WordPress plugin AutoWP 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin AutoWP, which stems from a lac...

PT-2025-33460 · WordPress · Bizcalendar Web

Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51 Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and...

WordPress esri-map-view cross-site scripting vulnerability

WordPress esri-map-view is used to embed Esri/ArcGIS maps or scenes in websites. The plugin realizes map display through short code, supports selecting base map, setting initial view angle, adding custom layers, pop-up information window and other functions, and can embed preconfigured web maps o...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=7.0.25), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=7.0.25) +15 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=7.0.25)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =7.0.25 and more Source cves: CVE-2024-9343 Source advisory: OSV:GHSA-MQXX-C43H-JJ9V...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9343 Source advisory:...

CVE-2023-23871

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Webdzier Button plugin = 1.1.23 versions...