CVE-2021-31643
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter...
PT-2025-53294
Name of the Vulnerable Software and Affected Versions: Specto CM versions prior to 17032025. Description: Specto CM contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into...
EUVD-2021-18529
Malware in sbrugna...
EUVD-2019-0119
Malware in sbrugna...
EUVD-2020-0466
Malware in sbrugna...
EUVD-2023-59267
Malicious code in bioql PyPI...
EUVD-2022-25045
Malicious code in bioql PyPI...
EUVD-2022-34685
Malicious code in bioql PyPI...
EUVD-2022-51709
Malicious code in bioql PyPI...
EUVD-2025-11520
Malicious code in bioql PyPI...
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...
CVE-2019-7552
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile Section. This is due to lack of sanitization in the Edit Name section...
CVE-2024-13616 VikBooking < 1.7.2 - Admin+ Stored XSS
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2024-58130
In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...
CVE-2024-11600 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.6.0 via the 'writeconfig' function. This is due to a lack of sanitization on an imported JSON file. This makes it...
The vulnerability of the SimpleXLSX file reading extension lies in the lack of sanitization, allowing an attacker to execute arbitrary code.
The vulnerability of the SimpleXLSX file reading extension is related to the lack of sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2025-3119
Name of the Vulnerable Software and Affected Versions: Umbraco CMS version 14.3.1. Description: A stored cross-site scripting (XSS) vulnerability in Umbraco CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is only possible via authenticated users who have...
Flowise Path Injection at /api/v1/openai-assistants-file
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...
CVE-2024-6365
CVE-2024-6365 affects Product Table by WBW for WordPress (wp-plugin). All versions up to 2.0.1 are vulnerable to unauthenticated Remote Code Execution via the saveCustomTitle function, caused by missing authorization and lack of sanitization of appended data in languages/customTitle.php. Impact p...