Lucene search
K

95 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17568

Malware in sbrugna...

5.4CVSS5.6AI score0.01087EPSS
Exploits3References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-8520

Malware in sbrugna...

6.1CVSS6.3AI score0.00812EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-0062

Malware in sbrugna...

3.5CVSS6.3AI score0.00967EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-23415

Malware in sbrugna...

6.5CVSS6.5AI score0.00839EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29258

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-34196

Malicious code in bioql PyPI...

5.8CVSS5.7AI score0.00797EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54992

Malicious code in bioql PyPI...

6.1CVSS5.8AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2443

Malicious code in bioql PyPI...

4CVSS6.3AI score0.01265EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/09/28 7:32 a.m.5 views

CVE-2025-11102 Campcodes Online Learning Management System edit_content.php sql injection

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

7.5CVSS6.7AI score0.00384EPSS
Exploits1References5
NVD
NVD
added 2025/09/15 9:15 p.m.4 views

CVE-2025-43799

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

6.9CVSS0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 8:19 p.m.10 views

CVE-2025-43799

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

6.9CVSS0.00244EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/14 11:41 p.m.1 views

Cross-site Scripting (XSS)

Overview org.xwiki.rendering:xwiki-rendering-syntax-xhtml is a library for the XWiki Rendering Engine Affected versions of this package are vulnerable to Cross-site Scripting XSS via dependency on xdom+xml/current syntax. An attacker can execute arbitrary JavaScript code in the context of the...

9CVSS5.5AI score0.00325EPSS
Exploits0References2
Drupal
Drupal
added 2025/06/25 12:0 a.m.11 views

GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078

GLightbox module is a pure Javascript lightbox for CKEditor. The module doesn't sufficiently filter user-supplied text for the GLightbox Javascript library leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

6.1CVSS5.5AI score0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 11:58 a.m.8 views

CVE-2025-22388

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting XSS vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or...

5.7CVSS5.7AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.9 views

CVE-2020-36411

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the pageimage tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module...

5.4CVSS5.6AI score0.00473EPSS
Exploits1
Drupal
Drupal
added 2025/05/07 12:0 a.m.16 views

IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051

This module enables you to add a filter to text formats Full HTML, Filtered HTML, which will remove every iframe where the "src" is not on the allowlist. The module doesn't sufficiently filter these iframes in certain situations. This vulnerability is mitigated by the fact that an attacker must b...

6.1CVSS6.8AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/27 12:5 a.m.15 views

CVE-2025-46595

An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provid...

6.4CVSS5.9AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/12 1:41 p.m.23 views

CVE-2025-30148

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...

5.4CVSS6.5AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/04/10 1:15 p.m.16 views

CVE-2025-30148

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...

5.4CVSS0.00268EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/10 1:2 p.m.21 views

CVE-2025-30148 Silverstripe Framework has a XSS vulnerability in HTML editor

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...

5.4CVSS0.00268EPSS
Exploits0References3
Rows per page
Query Builder