EUVD-2021-29303

Malicious code in bioql PyPI...

EUVD-2022-4272

Malicious code in bioql PyPI...

EUVD-2025-24470

Malicious code in bioql PyPI...

EUVD-2025-19852

Malicious code in bioql PyPI...

EUVD-2025-17850

Malicious code in bioql PyPI...

EUVD-2023-57844

Malicious code in bioql PyPI...

EUVD-2024-35913

Malicious code in bioql PyPI...

CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

PT-2025-40461

Name of the Vulnerable Software and Affected Versions Emlog Pro versions 2.5.21 and below Description A stored Cross-Site Scripting XSS issue exists in the "Twitter" feature. An authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the...

PT-2025-40451

Name of the Vulnerable Software and Affected Versions Yoast SEO Premium plugin for WordPress versions 25.7 through 25.9 Description The software is susceptible to a Stored Cross-Site Scripting issue stemming from a flawed regular expression used to remove an attribute within post content. This fl...

Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4 (SVD-2025-1003)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1003 advisory. - In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108,...

CVE-2025-57877

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVE-2025-57424

A stored cross-site scripting XSS vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the...

CVE-2025-57877

CVE-2025-57877 affects Esri Portal for ArcGIS

CVE-2025-33116

IBM Watson Studio on Cloud Pak for Data versions 4.0–5.2.0 are affected by CVE-2025-33116, a cross-site scripting flaw caused by insufficient input filtering in the Web UI that could allow an authenticated user to inject arbitrary JavaScript and potentially disclose credentials in a trusted sessi...

CVE-2025-59539

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the websit...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-4760

An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-59539

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the websit...