EUVD-2024-35539

Malicious code in bioql PyPI...

CVE-2024-35781

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1...

WordPress YAHMAN Add-ons plugin <= 0.9.28 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin YAHMAN Add-ons versions = 0.9.28...

WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor

Software YAHMAN Add-ons Type Plugin Vulnerable versions = 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

CVE-2024-35781

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1...

CVE-2024-35781

CVE-2024-35781 is a Word Balloon WordPress plugin vulnerability (authenticated) that allows PHP Local File Inclusion due to improper pathname limitation. Affected: Word Balloon up to and including version 4.21.1. Root cause: path traversal restricting access to restricted directories is insuffici...