1306 matches found
EUVD-2022-28157
Malicious code in bioql PyPI...
EUVD-2025-23376
Malicious code in bioql PyPI...
EUVD-2025-31025
Malicious code in bioql PyPI...
EUVD-2022-4286
Malicious code in bioql PyPI...
EUVD-2023-28548
Malicious code in bioql PyPI...
EUVD-2025-31606
Malicious code in bioql PyPI...
EUVD-2022-28161
Malicious code in bioql PyPI...
EUVD-2022-48757
Malicious code in bioql PyPI...
EUVD-2025-30461
Malicious code in bioql PyPI...
CVE-2025-9333
CVE-2025-9333 affects the WordPress plugin Smart Docs. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings for versions up to and including 1.1.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with administrator-lev...
CVE-2025-9333 Smart Docs <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-20356
A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...
CVE-2025-20361
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...
CVE-2025-20357 Cisco CyberVision Center Reports Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...
CVE-2025-57877
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57875
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57874
The CVE describes a reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS, affecting version 11.4 and earlier. A remote authenticated attacker with administrative access can supply a crafted string that executes arbitrary JavaScript in the victim’s browser. Affected compone...
PT-2025-39858
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 and below Description A reflected cross site scripting issue exists in Esri Portal for ArcGIS. A remote attacker with administrative access can inject a crafted string to execute arbitrary JavaScript code i...
CVE-2025-10747
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...