229 matches found
CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
CVE-2026-25581
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
SCEditor has DOM XSS via emoticon URL/HTML injection
If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...
MiracleLinux 4 : augeas-1.0.0-5.AXS4.1 (AXSA:2014-034:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-034:01 advisory. A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its...
CVE-2025-41004 Multiple vulnerabilities in Imaster products Open configuration options
Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter...
CVE-2019-16522
The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...
SUSE CVE-2025-68258
In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3attach Syzbot identified an issue 1 in multiq3attach that induces a task timeout due to open or COMEDIDEVCONFIG ioctl operations, specifically, in the case of multiq3 driver. Thi...
PT-2025-49211
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access an...
EUVD-2019-7199
Malware in sbrugna...
EUVD-2017-5815
Malware in sbrugna...
EUVD-2013-3791
Malware in sbrugna...
EUVD-2021-2003
Malware in sbrugna...
EUVD-2023-0727
Malicious code in bioql PyPI...
EUVD-2024-2684
Malicious code in bioql PyPI...
EUVD-2024-0192
Malicious code in bioql PyPI...
EUVD-2022-1719
Malicious code in bioql PyPI...
EUVD-2023-24398
Malicious code in bioql PyPI...
Missing Authorization
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the profile menu. An authenticated user can access limited configuration information by listing available options in this menu without having...