38 matches found
Partial String Comparison
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuratio...
EUVD-2026-14591
OpenClaw before 2026.2.19 contains a command injection vulnerability in tools.exec.safeBins that allows attackers to bypass stdin-only restrictions using sort output flags or recursive grep flags. Attackers can exploit this to perform arbitrary file writes via sort -o or recursive file reads via...
CVE-2026-31996
In OpenClaw versions prior to 2026.2.19, tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...
EUVD-2024-23538
Malicious code in bioql PyPI...
EUVD-2022-48992
Malicious code in bioql PyPI...
PT-2025-26965 · Drupal · Drupal Simple Xml Sitemap
Name of the Vulnerable Software and Affected Versions: Drupal Simple XML sitemap versions 0.0.0 through 4.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows an attacker to perform Cross-Site...
PT-2025-25704 · Unknown · Rustaurius Ultimate Reviews
Name of the Vulnerable Software and Affected Versions: Rustaurius Ultimate Reviews versions n/a through 3.2.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For version...
PT-2025-17101 · Unknown · Ione360 Configurator
Name of the Vulnerable Software and Affected Versions: iONE360 configurator versions 2.0.0 through 2.0.56 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in the iONE360 configurator...
PT-2025-14420 · Mad Fish Digital · Mad Fish Digital Bulk Noindex & Nofollow Toolkit
Name of the Vulnerable Software and Affected Versions: madfishdigital Bulk NoIndex & NoFollow Toolkit versions n/a through 2.16 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enable...
PT-2025-14186 · Unknown · Follow Us Badges
Name of the Vulnerable Software and Affected Versions: Follow Us Badges versions n/a through 3.1.11 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the...
PT-2025-5068 · Lawpress · Lawpress
Name of the Vulnerable Software and Affected Versions: LawPress – Law Firm Website Management versions 1.4.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This means an attacker can...
PT-2025-5018 · Unknown · Redirection Plus
Name of the Vulnerable Software and Affected Versions: REDIRECTION PLUS versions n/a through 2.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Reflected XSS. Recommendations: For versions n...
PT-2025-3218 · Themelooks · Themelooks Enter Addons
Name of the Vulnerable Software and Affected Versions: ThemeLooks Enter Addons versions n/a through 2.1.9 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...
PT-2024-36125 · Unknown · Think201 Faqs
Name of the Vulnerable Software and Affected Versions: Think201 FAQs versions n/a through 1.0.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in Think201 FAQs. Recommendations: For...
PT-2024-35883 · Sergio Micó · Simpleschema
Name of the Vulnerable Software and Affected Versions: SimpleSchema versions through 1.7.6.9 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS. A Cross-site Scripting XSS...
PT-2024-33433 · Elementor · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons Elementor versions through 2.7.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can be used to injec...
Gradio Information Disclosure Vulnerability
Gradio is an open source Python library, open-sourced by Hugging Face, for demonstrating machine learning models through a friendly web interface. Gradio suffers from an information disclosure vulnerability that stems from an attacker's ability to exploit these components by crafting...
PT-2024-30906 · WordPress · Wp Travel
Name of the Vulnerable Software and Affected Versions: WP Travel versions through 9.3.1 Description: The issue involves Improper Neutralization of Input During Web Page Generation, which is also known as Cross-site Scripting XSS. This problem allows for Stored XSS in WP Travel. Recommendations: F...
PT-2024-30322 · WordPress · Themify Shortcodes
Name of the Vulnerable Software and Affected Versions: Themify Shortcodes versions through 2.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...
PT-2024-30381 · Mediavine · Mediavine Control Panel
Name of the Vulnerable Software and Affected Versions: Mediavine Control Panel versions through 2.10.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in the Mediavine Control Pane...