125 matches found
PT-2026-2247
Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3. Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for secure communication between spacecraft and ground stations. Versions prior ...
CVE-2022-0220
The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...
CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in the JSON search parsing and the JSON response in wrteam.in eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the getproducts?search parameter...
CVE-2025-66458
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...
CVE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
CVE-2025-11925
An incorrect Content-Type header in one of the APIs (text/html instead of application/json) may allow injection of HTML/JavaScript into the reply, since a browser will render the JSON body as a document. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2017-16594
Malware in sbrugna...
EUVD-2019-16158
Malware in sbrugna...
EUVD-2022-4024
Malicious code in bioql PyPI...
EUVD-2022-15421
Malicious code in bioql PyPI...
EUVD-2022-29727
Malicious code in bioql PyPI...
EUVD-2024-1012
Malicious code in bioql PyPI...
Vulnerability-identification-and-Mitigation
It is an offensive tool for source code and SMS message analysis...
@purplegate/chat-sdk (>=1.0.7 <=1.0.8), mock-json-response (=1.0.9) potentially affected by unknown CVE via rimraff (=0.0.1-security)
rimraff NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on rimraff and may be impacted: - @purplegate/chat-sdk =1.0.7, =1.0.8 - mock-json-response =1.0.9 Source cves: unknown CVE Source advisory: OSV:MAL-2025-32235...
PT-2025-25643 · Unknown · Mezzanine Cms
Name of the Vulnerable Software and Affected Versions: Mezzanine CMS versions prior to 6.1.1 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability in the admin interface. It exists in the displayable links js function, which fails to properly sanitize blog post titles before...
CVE-2024-44685
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI...
CVE-2023-23856
In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...
CVE-2023-0015
In SAP BusinessObjects Business Intelligence Platform Web Intelligence user interface - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS...
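Four entries in this result set (CVE-2022-0220, CVE-2025-11925, CVE-2023-23856 and CVE-2023-0015) describe the same bug class: a handler emits JSON, but the response carries text/html or no usable Content-Type, so a browser that loads the URL directly renders attacker-controlled strings as HTML. The block below is an added illustration written for this page; it is not code from any of those products. The handler names, the minimal response object and the sample query are constructed, and the fix shown (correct media type, `X-Content-Type-Options: nosniff`, and `\u003c`-style escaping of HTML-significant characters inside the JSON text) is the generic hardening, not a specific vendor patch.

```javascript
// Added example, not from any advisory listed above. Shows a JSON endpoint
// that echoes a request parameter, served first as text/html (the pattern in
// the CVEs) and then hardened. All names and inputs here are constructed.

// Minimal stand-in for a framework response: status, headers, body.
function makeResponse(status, headers, body) {
  return { status, headers, body };
}

// VULNERABLE: JSON built from user input but labelled as HTML. Navigating a
// browser to this URL executes the <script> in the site's origin.
function vulnerableSearchHandler(query) {
  const body = JSON.stringify({ search: query, results: [] });
  return makeResponse(200, { 'Content-Type': 'text/html; charset=utf-8' }, body);
}

// Escape characters an HTML parser cares about. The result is still valid
// JSON (\u003c parses back to "<"), so API clients receive identical data.
function escapeJsonForHtml(jsonText) {
  return jsonText
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// HARDENED: declare the media type, forbid MIME sniffing, escape the body,
// and add a CSP that denies script execution should the type ever regress.
function hardenedSearchHandler(query) {
  const body = escapeJsonForHtml(JSON.stringify({ search: query, results: [] }));
  return makeResponse(200, {
    'Content-Type': 'application/json; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'",
  }, body);
}

// Check for a captured response: could a browser render this JSON as HTML?
// With application/json the browser shows plain text; with any other or a
// missing type, raw angle brackets in the body are a live XSS sink.
function jsonResponseRendersAsHtml(res) {
  const ct = (res.headers['Content-Type'] || '').toLowerCase();
  if (ct.startsWith('application/json')) return false;
  return /[<>]/.test(res.body);
}

// Constructed probe input, the classic reflected-XSS canary.
const probe = '<script>alert(document.domain)</script>';
console.log('vulnerable renders as HTML:', jsonResponseRendersAsHtml(vulnerableSearchHandler(probe)));
console.log('hardened renders as HTML:  ', jsonResponseRendersAsHtml(hardenedSearchHandler(probe)));
```

The escaping step matters even once the Content-Type is right: it also protects any page that later inlines the JSON into a `<script>` block, which is a second common route for the same payload. The check function is deliberately conservative (it flags the response, not the parameter), so it can be run over a proxy export of every JSON endpoint rather than only the one under test.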
CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...
CVE-2022-30617
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...
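CVE-2024-44685, CVE-2022-24978 and CVE-2022-30617 share a different root cause: the API serializes whole records (or whole related records such as "created by") into the JSON response, so password hashes and reset tokens ride along with the fields the client actually needs. The block below is an added example written for this page and is not code from Titan, ManageEngine or Strapi. It shows the allowlist serializer that prevents the leak, applied through a relation, and a small scanner that walks a parsed response and reports key paths that look like credential material. The record shape, field names and the key-name pattern are constructed for illustration.

```javascript
// Added example, not from any product in the listing above. Demonstrates
// (1) an allowlist serializer so relations never expose secrets, and
// (2) a scanner for JSON bodies that already leak. Data is constructed.

// Constructed ORM-style user record, as a populated "createdBy" relation
// might look before serialization.
const sampleAdminRecord = {
  id: 7,
  username: 'alice',
  email: 'alice@example.invalid',
  password: '$2b$10$constructedHashValueNotReal',   // hash, still never returned
  resetPasswordToken: 'constructed-reset-token',
  registrationToken: null,
  roles: [{ id: 1, name: 'Super Admin', code: 'admin' }],
};

// Allowlist: the serializer decides what leaves the server. Columns added to
// the table later stay invisible until someone deliberately lists them here.
const PUBLIC_USER_FIELDS = ['id', 'username'];

function toPublicUser(record) {
  const out = {};
  for (const key of PUBLIC_USER_FIELDS) {
    if (key in record) out[key] = record[key];
  }
  return out;
}

// Relations are the usual leak path: the parent entity is sanitized while the
// populated child is dumped verbatim. Route every relation through its own
// serializer instead of spreading the raw object.
function toPublicArticle(article) {
  return {
    id: article.id,
    title: article.title,
    createdBy: article.createdBy ? toPublicUser(article.createdBy) : null,
    updatedBy: article.updatedBy ? toPublicUser(article.updatedBy) : null,
  };
}

// Detection side: walk a parsed JSON body and return JSONPath-like locations
// of non-null values whose key names suggest secrets. Run it in CI over
// recorded responses of every endpoint, not just the one being changed.
const SENSITIVE_KEY = /passw|secret|token|apikey|api_key|private/i;

function findSensitiveKeys(value, path = '$') {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findSensitiveKeys(v, `${path}[${i}]`)));
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      const p = `${path}.${k}`;
      if (SENSITIVE_KEY.test(k) && v !== null && v !== undefined) hits.push(p);
      hits.push(...findSensitiveKeys(v, p));
    }
  }
  return hits;
}

// Constructed article whose relation carries the full admin record.
const sampleArticle = { id: 1, title: 'Hello', createdBy: sampleAdminRecord, updatedBy: null };
const leakyBody = JSON.parse(JSON.stringify(sampleArticle));   // what a naive handler sends
console.log('leaky response exposes:', findSensitiveKeys(leakyBody));
console.log('allowlisted response exposes:', findSensitiveKeys(toPublicArticle(sampleArticle)));
```

The scanner intentionally ignores null and undefined values; an empty `registrationToken` column is not a finding, while any non-null value under a password- or token-like key is. The key pattern is a heuristic and will need project-specific additions (for example, field names in another language), which is why the allowlist serializer, not the scanner, is the control.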