55 matches found
EUVD-2024-32991
Malicious code in bioql PyPI...
EUVD-2024-52254
Malicious code in bioql PyPI...
EUVD-2025-17843
Malicious code in bioql PyPI...
EUVD-2025-24226
Malicious code in bioql PyPI...
CVE-2025-8686
The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-34750 · WordPress · Wordpress Automatic Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions prior to 3.118.0
Description: The WordPress Automatic Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of its functions. This allows...
CVE-2025-7496
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-47014
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46970
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47074
Context: CVE-2025-47074 affects Adobe Experience Manager (AEM) 6.5.22 and earlier. Details from connected sources confirm a stored Cross-Site Scripting (XSS) vulnerability that can be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields, leading to execut...
CVE-2025-46988 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46926
Summary: CVE-2025-46926 affects Adobe Experience Manager (AEM) 6.5.22 and earlier. The issue is a stored cross-site scripting (XSS) vulnerability in vulnerable form fields, exploitable by a low‑privileged attacker to inject malicious JavaScript that runs in a victim’s browser when the page is loa...
PT-2025-23143 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress versions up to, and including, 3.3.8.1
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...
CVE-2024-3565
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'contentblock' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3603
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
CVE-2024-4892
The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissio...
Cross-site Scripting (XSS)
Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Details: Cross-site...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Details: Cross-site scripting or XSS is a...
CVE-2024-53962 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
PT-2025-5382 · Unknown +1 · Phpmyadmin +1
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions prior to 5.2.2
Description: An issue has been discovered in the Insert tab of phpMyAdmin, where a Cross-Site Scripting (XSS) vulnerability has been found. This allows for malicious scripts to be injected into the webpage,...