
682 matches found

RedhatCVE
added 2025/05/22 11:18 p.m. | 2 views

CVE-2022-41534

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.2 | AI score 7.7 | EPSS 0.0117
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:4 p.m. | 5 views

CVE-2020-19768

A lack of target address verification in the selfdestructs function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script...

CVSS 7.5 | AI score 6.7 | EPSS 0.00153
Exploits: 1

RedhatCVE
added 2025/05/22 3:55 p.m. | 5 views

CVE-2020-19767

A lack of target address verification in the destroycontract function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script...

CVSS 7.5 | AI score 6.7 | EPSS 0.00316
Exploits: 1

CVE
added 2025/05/21 12:0 a.m. | 52 views

CVE-2025-27997

CVE-2025-27997 affects Blizzard Battle.net (v2.40.0.15267). An attacker can escalate privileges by placing a crafted shell script or executable into the C:\ProgramData directory. The vulnerability is described with a local attack vector and a high impact per the CVSS 3.1 metrics (AV:L, AC:L, PR:N...

CVSS 8.4 | AI score 7.1 | EPSS 0.00115
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/05/12 3:16 p.m. | 1 views

CVE-2025-46611

Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script...

CVSS 6.1 | AI score 6.2 | EPSS 0.00232
Exploits: 0 | References: 2

OSV
added 2025/04/22 2:15 p.m. | 0 views

UBUNTU-CVE-2024-40446

An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script...

CVSS 9.8 | AI score 6.2 | EPSS 0.00072
Exploits: 0 | References: 3

Vulnrichment
added 2025/04/22 12:0 a.m. | 7 views

CVE-2024-40446

An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script...

AI score 9.5 | EPSS 0.00072
Exploits: 0 | References: 2

NVD
added 2025/03/13 2:15 p.m. | 7 views

CVE-2024-22880

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute arbitrary code via a crafted script to the webchat component...

CVSS 4.7 | EPSS 0.00283
Exploits: 1 | References: 1

Cvelist
added 2025/03/07 12:0 a.m. | 9 views

CVE-2024-42733

An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...

EPSS 0.03538
Exploits: 1 | References: 2

Veracode
added 2025/03/06 5:59 a.m. | 3 views

Cross-site Scripting

Tsup is vulnerable to DOM Clobbering. The vulnerability is due to DOM Clobbering caused by a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...

CVSS 5.1 | AI score 6.9 | EPSS 0.00119
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2025/03/03 6:31 p.m. | 11 views

tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...

CVSS 5.1 | AI score 7.9 | EPSS 0.00119
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/03/03 12:0 a.m. | 47 views

CVE-2024-53384

CVE-2024-53384 affects tsup v8.3.4 with a DOM Clobbering vulnerability that lets an attacker execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components. The CVSS 3.1 vector shows a MEDIUM base score (5.1) with LOCAL attack vector, LOW a...

CVSS 5.1 | AI score 7.7 | EPSS 0.00119
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/03 12:0 a.m. | 9 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...

EPSS 0.00119
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/22 12:32 a.m. | 4 views

CVE-2025-25973

A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...

CVSS 6.5 | AI score 7 | EPSS 0.00336
Exploits: 1 | References: 1

NVD
added 2025/02/20 6:15 p.m. | 6 views

CVE-2025-25973

A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...

CVSS 6.5 | EPSS 0.00336
Exploits: 1 | References: 2

Vulnrichment
added 2025/02/20 12:0 a.m. | 4 views

CVE-2025-25973

A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...

AI score 6.5 | EPSS 0.00336
Exploits: 1 | References: 2

CVE
added 2025/02/20 12:0 a.m. | 57 views

CVE-2025-25973

CVE-2025-25973 affects Ppress v0.0.9 where a stored XSS flaw exists in the "related recommendations" feature. The vulnerability arises from crafted input to article.title, article.category, and article.tags, enabling a remote attacker to execute arbitrary code. Affected component is the related r...

CVSS 6.5 | AI score 6.5 | EPSS 0.00336
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/02/14 12:42 a.m. | 8 views

CVE-2024-35102

Insecure Permissions vulnerability in VITEC AvediaServer Model avsrv-m8105 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script...

CVSS 8.8 | AI score 7 | EPSS 0.01653
Exploits: 0 | References: 1

CVE
added 2025/02/11 12:0 a.m. | 5412 views

CVE-2024-57000

CVE-2024-57000 is a duplicate of CVE-2023-48022. The connected records tie CVE-2023-48022 to a Ray remote code execution issue via the agent/job submission endpoint (affecting Ray v2.9.3–2.40.0; exploitation is demonstrated by a Metasploit module), with references from Nessus (Ray Dashboard Job R...

AI score 9.6
Exploits: 5

OSV
added 2025/01/27 11:15 p.m. | 2 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2