49 matches found
CVE-2026-5361
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...
PT-2026-42113
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...
PT-2026-26672
A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...
CVE-2025-67840
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...
📄 WordPress Slider‑Future 1.0.5 Arbitrary File Upload
This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider‑Future plugin version 1.0.5. ============================================================================================================================================= | Title :...
PT-2026-21953
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw exists in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating...
CVE-2025-65127
A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get" operations, attackers can obtain device...
Synology DiskStation Manager Cross-Site Request Forgery (CVE-2024-45538)
Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. This plugin only works wit...
Moxa NPort 6100-G2 Series和Moxa NPort 6200-G2 Series 安全漏洞
The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that stems from a null byte injection in the device Web...
CVE-2024-5401
CVE-2024-5401 affects Synology DiskStation Manager (DSM) WebAPI and Synology Unified Controller (DSMUC). The vulnerability is described as an improper control of dynamically-managed code resources in the WebAPI component, allowing remote authenticated users to obtain privileges without consent vi...
EUVD-2018-20669
Malware in sbrugna...
EUVD-2024-54102
Malicious code in bioql PyPI...
EUVD-2022-32114
Malicious code in bioql PyPI...
EUVD-2024-26250
Malicious code in bioql PyPI...
EUVD-2025-27715
Malicious code in bioql PyPI...
EUVD-2024-41309
Malicious code in bioql PyPI...
EUVD-2025-7073
Malicious code in bioql PyPI...
EUVD-2025-29664
Malicious code in bioql PyPI...
CVE-2025-2407
Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5...
CVE-2025-2407 Missing Authentication & Authorization in Web-API allows adversary unrestricted access
Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5...