178 matches found
Node.js Express DevMode Enabled
Node.js Express installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Express, Node.js. No source dat...
EUVD-2021-0753
Malware in sbrugna...
EUVD-2020-0274
Malware in sbrugna...
EUVD-2021-0742
Malware in sbrugna...
EUVD-2014-2424
Malware in sbrugna...
EUVD-2017-18417
Malware in sbrugna...
EUVD-2024-3380
Malicious code in bioql PyPI...
EUVD-2025-24826
Malicious code in bioql PyPI...
EUVD-2022-5727
Malicious code in bioql PyPI...
EUVD-2022-2471
Malicious code in bioql PyPI...
CVE-2025-7972
A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...
CVE-2025-7972 Rockwell Automation FactoryTalk® Linx Network Browser Security Bypass Vulnerability
A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...
Exploit for CVE-2025-54253
🔥 CVE-2025-54253 — Critical RCE Vulnerability in Adobe AEM For...
CVE-2024-45709
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...
CVE-2020-14146
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO...
CVE-2019-10770
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
PT-2025-5632 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue occurs when a website is set to the "dev" environment mode. In this mode, if a URL containing an XSS payload is provided, the payload will be executed in the resulting error...
Cross-site Scripting (XSS)
Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the error message display mechanism. An attacker can inject malicious scripts that are executed in the user's browser by...