536 matches found
EUVD-2024-32768
Malicious code in bioql PyPI...
EUVD-2024-37277
Malicious code in bioql PyPI...
EUVD-2021-3552
Malicious code in bioql PyPI...
EUVD-2025-10819
Malicious code in bioql PyPI...
EUVD-2024-42514
Malicious code in bioql PyPI...
EUVD-2024-26980
Malicious code in bioql PyPI...
EUVD-2025-13952
Malicious code in bioql PyPI...
PT-2025-39547
Name of the Vulnerable Software and Affected Versions: 8theme XStore versions through 9.5.3. Description: The software contains a flaw related to improper handling of script-related HTML tags on a web page, potentially leading to code injection. This issue is identified as a Basic Cross-Site Scripti...
CVE-2025-57928
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection. This issue affects AWP Classifieds: from n/a through <= 4.4.3...
Cross-site Scripting (XSS)
Overview: mailgen generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the generatePlaintext function. An attacker can inject arbitrary HTML content into plaintext emails by supplying crafted...
PT-2025-38779
Name of the Vulnerable Software and Affected Versions: AWP Classifieds versions through 4.3.5. Description: A flaw exists in Strategy11 Team AWP Classifieds that allows code injection due to improper neutralization of script-related HTML tags on a web page. This is a Basic Cross-Site Scripting (XSS)...
Linux Distros Unpatched Vulnerability : CVE-2022-31187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
PT-2025-33250 · Unknown · Radiustheme Classified Listing
Name of the Vulnerable Software and Affected Versions: RadiusTheme Classified Listing versions through 5.0.0. Description: The software contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) issue that allows Code Injection. Recommendations: At the moment, there is...
CVE-2025-6078
CVE-2025-6078 affects Partner Software’s Partner Software and Partner Web applications. An authenticated user can submit notes on the Notes page in a job view, and input is not fully sanitized, allowing HTML/JavaScript in notes and resulting in stored XSS. Public details from multiple sources con...
Cross-site Scripting (XSS)
Overview: markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in safe_mode due to improper handling of incomplete HTML tags. The _encode_incomplete_tags function fails to properly check for auto links, allowin...
CVE-2025-27358
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...
Toc.js - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-077
This module enables you to generate a table of contents for your pages given a configuration. The module doesn't sufficiently sanitise data attributes, allowing persistent Cross-site Scripting (XSS) attacks. This vulnerability is mitigated by the fact that an attacker must have a role with permission to...
BIT-DJANGO-2025-32873
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is caused by inefficient regular expressions that backtrack catastrophically when parsing HTML tags and markdown links with specially crafted input...