RPi-Jukebox-RFID Code Injection Vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It can play audio files, playlists, podcasts, web streams and Spotify, triggered by RFID cards. A code injection vulnerability exists in RPi-Jukebox-RFID version 2.8.0 and earlier,...
PT-2025-37389
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0. Description: A cross-site scripting issue exists in MiczFlor RPi-Jukebox-RFID. The vulnerability affects unknown code within the /htdocs/userScripts.php file. Manipulation of the Custom script...
CVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2025-5352
CVE-2025-5352 describes a critical stored XSS in Lunary Analytics; the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is injected into the DOM via dangerouslySetInnerHTML without sanitization in Lunary versions
CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
Environment Variable XSS in Analytics Component
Description: A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows...
CVE-2025-30564
Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration (custom-script-integration) allows Stored XSS. This issue affects Custom Script Integration: from n/a through <= 2.1...
CVE-2025-30564 WordPress Custom Script Integration plugin <= 2.1 Cross-Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration (custom-script-integration) allows Stored XSS. This issue affects Custom Script Integration: from n/a through <= 2.1...
CVE-2025-30564
Technical details about CVE-2025-30564 are not provided in the connected documents. Public information appears limited; monitor for updates from the vendor/alerts to confirm affected products, exploit status, and fixes.
WordPress Custom Script Integration plugin <= 2.1 Cross-Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang (Skalucy) in the WordPress plugin Custom Script Integration, versions <= 2.1...
WordPress plugin Custom Script Integration Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Agenda Ransomware Targets VMware vCenter & ESXi Servers Globally
Summary: Agenda ransomware, also known as Qilin, has been active since 2022 and targets victims worldwide across industries. Its latest tactic leverages a custom script to infect VMware environments, potentially crippling virtual machines and causing data loss. Organizations should be aware of this threat and...
a2grunnerp (>=0.1.0 <=0.1.8), dcicsnovault (>=2.0.0b4 <=2.0.0b7) +7 more potentially affected by CVE-2023-41039 via restrictedpython (>=6.0.0 <=6.1.0)
restrictedpython PYPI version =6.0.0, =0.1.0, =2.0.0b4, =0.0.42a3, =2.10.0, =2025.9.5, =0.8.2b36, =4.8.4, =4.8.11 Source cves: CVE-2023-41039 Source advisory: OSV:GHSA-XJW2-6JM9-RF67...
a2grunnerp (>=0.1.0 <=0.1.8), dcicsnovault (>=2.0.0b4 <=2.0.0b7) +7 more potentially affected by CVE-2023-41039 via restrictedpython (>=6.0.0 <=6.1.0)
restrictedpython PYPI version =6.0.0, =0.1.0, =2.0.0b4, =0.0.42a3, =2.10.0, =2025.9.5, =0.8.2b36, =4.8.4, =4.8.11 Source cves: CVE-2023-41039 Source advisory: OSV:PYSEC-2023-159...
ManageEngine ADSelfService Plus < build 6122 Command Injection
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6122. It is, therefore, affected by a command injection vulnerability which allows a remote authenticated administrator to execute arbitrary operating system (OS) commands a...
Toxssin - An XSS Exploitation Command-Line Interface And Payload Generator
toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an HTTPS server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This...
Malicious code in custom-script-vanilla-js (npm)
Source: ghsa-malware 84fc81c2b96e23984a6c8521174966b25105451fd5b8110b6c6244423b0c8457. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2284 Malicious code in custom-script-vanilla-js (npm)
Source: ghsa-malware 84fc81c2b96e23984a6c8521174966b25105451fd5b8110b6c6244423b0c8457. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...