66 matches found
CVE-2026-32722
CVE-2026-32722 concerns Bloomberg’s Memray Python memory profiler prior to v1.19.2, where the command line of the tracked process was rendered directly into generated HTML reports without escaping. This allowed attacker-controlled command-line metadata to be inserted as raw HTML, enabling JavaScr...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
Cross-site Scripting (XSS)
Overview: pyspector is a high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the HTML report generation. An attacker can execute arbitrary JavaScript code in the victim's browser by...
Memray cross-site scripting vulnerability
Memray is an open-source memory analysis tool from Bloomberg. Versions of Memray prior to 1.19.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML reports being generated without escaping the command-line parameters of the tracked process. As a result, parameters...
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Summary: Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...
Vertex AI SDK 1.131.0 Cross Site Scripting Scanner
This script is a defensive behavioral security scanner designed to test whether HTML reports generated by the internal visualization module of the google-cloud-aiplatform part of Google Cloud improperly render unescaped user-controlled input...
Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System
CVE-2024-2997 Scanner
Sentinel-X
CVE-2026-24490
MobSF is a mobile application security testing tool. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...
CVE-2026-24490 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
MobSF is a mobile application security testing tool. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...
Cross-site Scripting (XSS)
Overview: mobsf (Mobile Security Framework, MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...
EUVD-2019-1035
Malware in sbrugna...
EUVD-2024-51968
Malicious code in bioql PyPI...
EUVD-2022-7702
Malicious code in bioql PyPI...
cpvst
🛡️ CPVST - Cyber Prince Vulnerability Scanner Tool
CVE-2024-53442
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component...
CVE-2022-46684
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability...