CVE-2025-63527
CVE-2025-63527 affects Blood Bank Management System 1.0. The XSS flaw exists in updateprofile.php and hprofile.php where user input is not properly sanitized/encoded, allowing injection of JavaScript via hname, hemail, hpassword, hphone, and hcity parameters. This input is rendered in the respons...
CVE-2025-20303
Cisco ISE and Cisco ISE-PIC web-based management interfaces have multiple vulnerabilities that allow an authenticated, remote attacker with at least a low-privileged account to perform a reflected XSS by injecting malicious input into specific pages. The issues stem from insufficient validation o...
CVE-2025-12642
lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
UBUNTU-CVE-2025-12642
lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642
Lighttpd 1.4.80 is affected by an HTTP header smuggling vulnerability caused by incorrectly merging trailer fields into headers during request parsing. This can enable bypassing access controls and injecting unsafe input into backend logic that relies on headers, with potential for HTTP Request S...
PT-2025-41708
Name of the Vulnerable Software and Affected Versions HCL Unica MaxAI Assistant affected versions not specified Description HCL Unica MaxAI Assistant is susceptible to a HTML injection issue. An attacker could insert special characters that are processed client-side within the user’s session...
GHSA-R7R6-CC7P-4V5M python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Summary The sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and the non-default escape_mode=1 is configured. Details The method ldap.filter.escape_filter_chars supports 3...
EUVD-2021-22968
Malware in sbrugna...
EUVD-2020-9406
Malware in sbrugna...
EUVD-2012-2954
Malware in sbrugna...
EUVD-2018-3613
Malware in sbrugna...
CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
EUVD-2022-40965
Malicious code in bioql PyPI...
EUVD-2024-29103
Malicious code in bioql PyPI...
EUVD-2022-4370
Malicious code in bioql PyPI...
EUVD-2025-26919
Malicious code in bioql PyPI...
EUVD-2021-32554
Malicious code in bioql PyPI...
EUVD-2021-28345
Malicious code in bioql PyPI...
CVE-2025-58645
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester gravitate-automated-tester allows Stored XSS. This issue affects Gravitate Automated Tester: from n/a through = 1.4.5...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the logoNavbar or logoLogin arguments in the SVG File Handler component of the /admin path. An attacker can inject and execute arbitrary scripts by supplying crafted input to these arguments. Details...