Lucene search

205 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2012-2570

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00401
Exploits 1 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-1256

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.06563
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-0615

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00962
Exploits 2 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-26188

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 6.6 | EPSS 0.00081
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28574

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.2 | EPSS 0.00027
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-27502

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 6.5 | EPSS 0.00198
Exploits 1 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-29217

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00185
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-54618

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.0006
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-15174

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00196
Exploits 1 | References 4

Positive Technologies
added 2025/09/25 12:0 a.m. | 3 views

PT-2025-39430

Name of the Vulnerable Software and Affected Versions: vulnerability-lookup version 2.16.0. Description: A cross-site scripting (XSS) issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...

CVSS 6.4 | AI score 5.8 | EPSS 0.00035
Exploits 0 | References 5

CVE
added 2025/09/25 12:0 a.m. | 9 views

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

CVSS 6.4 | AI score 5 | EPSS 0.00035
Exploits 0 | References 1

Snyk
added 2025/09/18 8:4 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: @lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 7.7 | AI score 5.6 | EPSS 0.00163
Exploits 1 | References 2

Positive Technologies
added 2025/09/18 12:0 a.m. | 3 views

PT-2025-38409

Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 1.129.4. Description: Lobe Chat, an open-source artificial intelligence chat framework, contains a cross-site scripting (XSS) issue in how it handles chat messages. Specifically, when a server response includes a...

CVSS 7.7 | AI score 6.6 | EPSS 0.00163
Exploits 1 | References 12

RedhatCVE
added 2025/09/17 4:52 p.m. | 5 views

CVE-2025-58172

drawnix is an all-in-one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVSS 5.3 | AI score 6.3 | EPSS 0.00185
Exploits 0 | References 1

Cvelist
added 2025/09/15 4:43 p.m. | 6 views

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all-in-one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVSS 5.3 | EPSS 0.00185
Exploits 0 | References 2

OSV
added 2025/09/15 4:43 p.m. | 5 views

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all-in-one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVSS 5.3 | AI score 6.3 | EPSS 0.00185
Exploits 0 | References 4

CVE
added 2025/09/15 4:43 p.m. | 8 views

CVE-2025-58172

The CVE-2025-58172 issue affects drawnix versions through 0.2.1, where the debug logging logger inserts untrusted content directly into the DOM via innerHTML without sanitization (in apps/web/src/app/app.tsx). The root cause is unsanitized user-controlled data being written to the DOM through the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00185
Exploits 0 | References 2

Veracode
added 2025/09/10 10:3 a.m. | 2 views

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Stored DOM-based Cross-Site Scripting (XSS). The vulnerability is due to improper handling of DDM structure field labels in the Asset Publisher configuration UI within the Source.js module, where values are inserted into the DOM using innerHTM...

CVSS 5.4 | AI score 6.2 | EPSS 0.00046
Exploits 0 | References 6 | Affected Software 3

NVD
added 2025/09/09 9:15 p.m. | 2 views

CVE-2025-58768

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

CVSS 9.6 | EPSS 0.00198
Exploits 1 | References 1

CVE
added 2025/09/09 8:19 p.m. | 11 views

CVE-2025-58768

CVE-2025-58768 affects DeepChat prior to version 0.3.5, specifically in the Mermaid chart rendering component where user content is directly written via innerHTML. This creates an XSS vulnerability that can trigger an exploit chain, potentially allowing arbitrary JavaScript execution and arbitrar...

CVSS 9.6 | AI score 6.6 | EPSS 0.00198
Exploits 1 | References 1 | Affected Software 1