EUVD-2024-33803

The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1895

CVE-2026-1895 affects WeKan up to version 8.20, specifically the Attachment Storage Handler’s file models/lists.js , function applyWipLimit . The vulnerability arises from a manipulation that can lead to improper access controls and can be exploited remotely. The advisory states that upgrading to...

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

ACE SECURITY WIP-90113 访问控制错误漏洞

ACE SECURITY WIP-90113 is a high-definition camera from ACE SECURITY, Japan. The ACE SECURITY WIP-90113 suffers from an Access Control Error vulnerability that originates in the /web/cgi-bin/hi3510/backup.cgi endpoint that can remotely download a compressed configuration backup without...

EUVD-2006-6394

Malware in sbrugna...

EUVD-2020-20860

Malware in sbrugna...

EUVD-2024-34197

Malicious code in bioql PyPI...

EUVD-2025-11343

Malicious code in bioql PyPI...

EUVD-2022-45946

Malicious code in bioql PyPI...

EUVD-2025-8396

Malicious code in bioql PyPI...

CVE-2024-11779

The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wipwoocarouselproductscarousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-11416

The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2023-33313

Cross-Site Request Forgery CSRF vulnerability in ThemeinProgress WIP Custom Login plugin = 1.2.9 versions...

CVE-2022-42884

Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7...

CVE-2025-39516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alan Petersen Author WIP Progress Bar author-work-in-progress-bar allows DOM-Based XSS.This issue affects Author WIP Progress Bar: from n/a through = 1.0...

CVE-2025-39516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alan Petersen Author WIP Progress Bar author-work-in-progress-bar allows DOM-Based XSS.This issue affects Author WIP Progress Bar: from n/a through = 1.0...

CVE-2025-39516

The CVE-2025-39516 entry is tied to the WordPress plugin Author WIP Progress Bar. The connected sources specify a DOM-based XSS due to improper input neutralization during web page generation, affecting Author WIP Progress Bar versions from n/a through 1.0. The initial and related records do not ...