256 matches found
PT-2025-49339
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user-supplied URLs, which allows javascript: URI schemes...
CVE-2025-58747
CVE-2025-58747 affects Dify up to version 1.9.1, where the MCP OAuth flow passes the remote server’s authorization_url directly to window.open without validation, enabling arbitrary JavaScript execution (XSS) when a victim connects to a malicious MCP server. Affected component: MCP OAuth in Dify....
CVE-2025-58747 Dify MCP OAuth Flow Vulnerable to XSS
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...
EUVD-2009-3002
Malware in sbrugna...
EUVD-2006-0476
Malware in sbrugna...
EUVD-2006-0539
Malware in sbrugna...
EUVD-2006-0241
Malware in sbrugna...
EUVD-2021-1166
Malware in sbrugna...
EUVD-2009-3000
Malware in sbrugna...
EUVD-2006-2966
Malware in sbrugna...
EUVD-2007-0777
Malware in sbrugna...
EUVD-2006-3755
Malware in sbrugna...
EUVD-2009-1593
Malware in sbrugna...
EUVD-2009-1592
Malware in sbrugna...
EUVD-2017-1561
Malware in sbrugna...
EUVD-2010-1612
Malware in sbrugna...
EUVD-2023-35297
Malicious code in bioql PyPI...
EUVD-2024-16398
Malicious code in bioql PyPI...
EUVD-2024-16399
Malicious code in bioql PyPI...
EUVD-2021-33525
Malicious code in bioql PyPI...