172 matches found
EUVD-2022-45807
Malicious code in bioql PyPI...
EUVD-2022-44889
Malicious code in bioql PyPI...
EUVD-2022-7326
Malicious code in bioql PyPI...
EUVD-2022-45816
Malicious code in bioql PyPI...
EUVD-2023-12508
Malicious code in bioql PyPI...
EUVD-2022-45813
Malicious code in bioql PyPI...
EUVD-2022-45812
Malicious code in bioql PyPI...
EUVD-2022-41598
Malicious code in bioql PyPI...
EUVD-2023-12658
Malicious code in bioql PyPI...
EUVD-2022-7414
Malicious code in bioql PyPI...
EUVD-2022-7394
Malicious code in bioql PyPI...
EUVD-2023-1222
Malicious code in bioql PyPI...
EUVD-2023-12532
Malicious code in bioql PyPI...
EUVD-2024-20703
Malicious code in bioql PyPI...
EUVD-2022-40406
Malicious code in bioql PyPI...
EUVD-2024-32898
Malicious code in bioql PyPI...
CVE-2025-54784 SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a Cross Site Scripting XSS vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance...
CVE-2024-6533
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...
CVE-2024-6534
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...