π¨ CVE-2025-47650
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal. This issue affects Infility Global: from n/a through 2.14.7.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal. This issue affects Infility Global: from n/a through 2.14.7.
π@cveNotify
Patchstack
WordPress Infility Global <= 2.14.7 - Arbitrary File Download Vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-48142
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.
π@cveNotify
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.
π@cveNotify
Patchstack
WordPress Bookify <= 1.0.9 - Privilege Escalation Vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-48148
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.
π@cveNotify
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.
π@cveNotify
Patchstack
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-48149
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP Local File Inclusion. This issue affects Cook&Meal: from n/a through 1.2.3.
π@cveNotify
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP Local File Inclusion. This issue affects Cook&Meal: from n/a through 1.2.3.
π@cveNotify
Patchstack
WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-32947
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
π@cveNotify
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
π@cveNotify
GitHub
Fix infinite loop in AP crawl Β· Chocobozzz/PeerTube@76226d8
ActivityPub-federated video streaming platform using P2P directly in your web browser - Fix infinite loop in AP crawl Β· Chocobozzz/PeerTube@76226d8
π¨ CVE-2025-5497
A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component.
π@cveNotify
A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component.
π@cveNotify
GitHub
cve_repo/phpwcms/phar vulnerability in phpwcms.md at main Β· 3em0/cve_repo
make cve request. Contribute to 3em0/cve_repo development by creating an account on GitHub.
π¨ CVE-2025-5914
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
π@cveNotify
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
π@cveNotify
π¨ CVE-2024-39954
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources.
Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
π@cveNotify
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources.
Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
π@cveNotify
π¨ CVE-2025-5260
Server-Side Request Forgery (SSRF) vulnerability in Pik Online YazΔ±lΔ±m ΓΓΆzΓΌmleri A.Ε. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.
π@cveNotify
Server-Side Request Forgery (SSRF) vulnerability in Pik Online YazΔ±lΔ±m ΓΓΆzΓΌmleri A.Ε. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.
π@cveNotify
π¨ CVE-2025-5261
Authorization Bypass Through User-Controlled Key vulnerability in Pik Online YazΔ±lΔ±m ΓΓΆzΓΌmleri A.Ε. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.
π@cveNotify
Authorization Bypass Through User-Controlled Key vulnerability in Pik Online YazΔ±lΔ±m ΓΓΆzΓΌmleri A.Ε. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.
π@cveNotify
π₯1
π¨ CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of βqualityβ (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
π@cveNotify
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of βqualityβ (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
π@cveNotify
π¨ CVE-2025-5914
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
π@cveNotify
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
π@cveNotify
π¨ CVE-2025-57727
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
π@cveNotify
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2025-57728
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
π@cveNotify
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2025-57729
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
π@cveNotify
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2025-57730
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
π@cveNotify
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π₯1
π¨ CVE-2025-9173
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
# Projectworlds emlog Project V2.5.18 /admin/media.php?action=upload&sid=0 File unrestricted upload Β· Issue #2 Β· lan041221/cvec
Projectworlds emlog Project V2.5.18 /admin/media.php?action=upload&sid=0 File unrestricted upload NAME OF AFFECTED PRODUCT(S) emlog Vendor Homepage emlog.net AFFECTED AND/OR FIXED VERSION(S) su...
π₯1
π¨ CVE-2024-2092
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2024-5765
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
π@cveNotify
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
π@cveNotify
WPScan
WpStickyBar <= 2.1.0 - Unauthenticated SQLi
See details on WpStickyBar <= 2.1.0 - Unauthenticated SQLi CVE 2024-5765. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-6226
The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
WpStickyBar <= 2.1.0 - Reflected XSS
See details on WpStickyBar <= 2.1.0 - Reflected XSS CVE 2024-6226. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4401
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βidβ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βidβ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify