15 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-9735

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00387
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-31216

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 8.5 | EPSS 0.00758
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:42 a.m. | 11 views

CVE-2024-37239

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling. This issue affects Branda: from n/a through <= 3.4.17...

CVSS 5.9 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:31 a.m. | 6 views

CVE-2023-27440

Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types. This issue affects Types: from n/a through 3.4.17...

CVSS 7.2 | AI score 8 | EPSS 0.00758
Exploits: 0 | References: 1

Snyk
added 2025/03/05 7:41 p.m. | 4 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.. This allows a user to bypass validation rules. Remediation: Upgrade macropay-solutions/laravel-crud-wizard-free to version 3.4.17 ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00691
Exploits: 1 | References: 2

OSV
added 2024/07/22 10:15 a.m. | 3 views

CVE-2024-37239

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17...

CVSS 4.8 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/22 9:14 a.m. | 19 views

CVE-2024-37239 WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17...

CVSS 5.9 | AI score 6.8 | EPSS 0.00248
Exploits: 0 | References: 1

Patchstack
added 2024/06/28 8:4 a.m. | 2 views

WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Fulan Engineering (Patchstack Alliance) in WordPress Plugin Branda versions <= 3.4.17...

CVSS 5.9 | AI score 6.1 | EPSS 0.00248
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2024/06/21 7:15 a.m. | 5 views

CVE-2024-5191

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimetypes’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 6.1 | EPSS 0.00314
Exploits: 0 | References: 4

OSV
added 2024/06/21 7:15 a.m. | 1 view

CVE-2024-5191

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimetypes’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 3

CNNVD
added 2024/06/21 12:0 a.m. | 3 views

WordPress plugin Branda security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 | AI score 6.5 | EPSS 0.00314
Exploits: 0 | References: 4

Positive Technologies
added 2024/03/26 12:0 a.m. | 2 views

PT-2024-12130 · Onthegosystems · Onthegosystems Types

Name of the Vulnerable Software and Affected Versions: OnTheGoSystems Types versions 3.4.17 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects OnTheGoSystems Types. Recommendations: For versions 3.4.17 and earlier, update to a versio...

CVSS 7.2 | AI score 8.7 | EPSS 0.00758
Exploits: 0 | References: 4

Github Security Blog
added 2024/02/01 8:51 p.m. | 22 views

Statamic CMS vulnerable to account takeover via XSS and password reset link

Impact: HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects: front-end forms with asset fields without any mime type validation; asset fields in the control panel; asset browser in the control panel. Additionally, if the XSS is crafted in a specific...

CVSS 8.2 | AI score 6.8 | EPSS 0.00734
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2024/02/01 4:42 p.m. | 27 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 | AI score 8.4 | EPSS 0.00734
Exploits: 1 | References: 3

Positive Technologies
added 2024/02/01 12:0 a.m. | 3 views

PT-2024-20460 · Statamic · Statamic

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 3.4.17; Statamic versions prior to 4.46.0. Description: The issue allows HTML files crafted to look like jpg files to be uploaded, enabling cross-site scripting (XSS) attacks. This affects front-end forms with asset...

CVSS 8.2 | AI score 6.4 | EPSS 0.00734
Exploits: 1 | References: 11