Lucene search

86 matches found

Positive Technologies
added 2026/04/15 12:0 a.m., 1 views

PT-2026-33081

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...

6.1 CVSS, 6.1 AI score, 0.00047 EPSS
Exploits 0, References 3

EUVD
added 2026/03/30 5:35 p.m., 1 views

EUVD-2026-16719

AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket...

5.4 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 1, References 3

RedhatCVE
added 2026/03/28 4:59 p.m., 1 views

CVE-2026-34362

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...

5.4 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 1, References 1

ATTACKERKB
added 2026/03/27 4:42 p.m., 1 views

CVE-2026-34362

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...

5.4 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 1, References 3, Affected Software 1

ATTACKERKB
added 2026/03/11 4:31 p.m., 1 views

CVE-2026-20116

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1 CVSS, 6 AI score, 0.00054 EPSS
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/02/11 1:16 p.m., 2 views

CVE-2025-14895

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4 CVSS, 5.5 AI score, 0.00015 EPSS
Exploits 0, References 1

NVD
added 2026/02/10 10:15 a.m., 7 views

CVE-2025-14895

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4 CVSS, 0.00015 EPSS
Exploits 0, References 6

CVE
added 2026/02/10 9:26 a.m., 13 views

CVE-2025-14895

CVE-2025-14895 affects the WordPress PopupKit (Popup Builder Block) plugin up to version 2.2.0, enabling an authorization bypass that lets authenticated users with Subscriber-level access or higher read and delete analytics via the /popup/logs REST endpoint. The issue is a missing authorization c...

5.4 CVSS, 5.5 AI score, 0.00015 EPSS
Exploits 0, References 6

Cvelist
added 2026/02/10 9:26 a.m., 20 views

CVE-2025-14895 PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

5.4 CVSS, 0.00015 EPSS
Exploits 0, References 6

ATTACKERKB
added 2026/01/15 4:32 p.m., 1 views

CVE-2026-20047

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to...

4.8 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/01/09 9:12 a.m., 4 views

CVE-2022-0734

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that coul...

6.1 CVSS, 5.9 AI score, 0.00326 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/06 4:41 p.m., 1 views

CVE-2025-20304

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

5.4 CVSS, 6.7 AI score, 0.00043 EPSS
Exploits 0, References 1

Cvelist
added 2025/11/05 4:33 p.m., 4 views

CVE-2025-20304

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

5.4 CVSS, 0.00043 EPSS
Exploits 0, References 1

Snyk
added 2025/10/29 4:38 p.m., 1 views

Malicious Package

Overview: react-router-dom.js is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users to download the package which contains a malicious code. Payload behavior: The malicious payload...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3

Snyk
added 2025/10/29 4:38 p.m., 1 views

Malicious Package

Overview: deezcord.js is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users to download the package which contains a malicious code. Payload behavior: The malicious payload runs...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3

Snyk
added 2025/10/29 4:38 p.m., 2 views

Malicious Package

Overview: dezcord.js is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users to download the package which contains a malicious code. Payload behavior: The malicious payload runs npm...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-3845

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00232 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-1046

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.0017 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-4235

Malware in sbrugna...

6.1 CVSS, 6.2 AI score, 0.00199 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-3939

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00232 EPSS
Exploits 0, References 4