5124 matches found
EUVD-2022-41056
Malicious code in bioql PyPI...
EUVD-2025-0110
Malicious code in bioql PyPI...
EUVD-2025-21134
Malicious code in bioql PyPI...
EUVD-2024-22233
Malicious code in bioql PyPI...
EUVD-2024-16545
Malicious code in bioql PyPI...
EUVD-2024-33129
Malicious code in bioql PyPI...
EUVD-2025-25291
Malicious code in bioql PyPI...
EUVD-2022-15600
Malicious code in bioql PyPI...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
Fiora chat group avatar is vulnerable to XSS via SVG files
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
CVE-2025-56515
CVE-2025-56515 affects Fiora chat application 1.0.0. The issue is in the user avatar SVG upload: content is not validated, allowing SVGs with foreignObject, iframe elements and JavaScript event handlers (e.g., onmouseover) to be uploaded and stored. When rendered, these SVGs execute arbitrary Jav...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
CVE-2025-57769
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
CVE-2025-57769
CVE-2025-57769 affects FreshRSS
CVE-2025-57769 FressRSS: Clickjacking can lead to XSS and/or privilege escalation
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
PT-2025-39905
Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS is a free, self-hostable RSS aggregator susceptible to a flaw where a crafted page can mislead a user into executing arbitrary JavaScript code or elevating privileges within FreshRSS. Thi...
Malicious code in @discord-external/activity-iframe-sdk (npm)
The package @discord-external/activity-iframe-sdk was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4df7af2ceae80fdc052edf95094a378287786ae21cfec9a6104a2af2b1d9b98 This package installs a dependency hosted on a cust...