241 matches found
EUVD-2012-2962
Malware in sbrugna...
EUVD-2004-2657
Malware in sbrugna...
EUVD-2013-7065
Malware in sbrugna...
EUVD-2013-7054
Malware in sbrugna...
EUVD-2025-30306
Malicious code in bioql PyPI...
EUVD-2025-25063
Malicious code in bioql PyPI...
EUVD-2025-25057
Malicious code in bioql PyPI...
EUVD-2022-2202
Malicious code in bioql PyPI...
EUVD-2025-25070
Malicious code in bioql PyPI...
EUVD-2025-25138
Malicious code in bioql PyPI...
CVE-2025-43812
Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...
CVE-2025-57876
CVE-2025-57876 is a stored XSS vulnerability in Esri Portal for ArcGIS 11.4 and earlier. An authenticated attacker with high privileges can inject a file containing an XSS script; when loaded, it could execute arbitrary JavaScript in the victim’s browser and potentially disclose a privileged toke...
CVE-2025-10136
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9353
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...
CVE-2025-9883
The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...
CVE-2025-9992
The CVE-2025-9992 entry concerns Ghost Kit – Page Builder Blocks, Motion Effects & Extensions for WordPress. It is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to and including 3.4.3, due to insufficient input sanitization and output escaping. Exploitation ...
CVE-2025-8686
The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-37156
The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplug authors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9344
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...
CVE-2025-8607
The SlingBlocks – Gutenberg Blocks by FunnelKit Formerly WooFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user suppli...