2179 matches found
EUVD-2025-18060
Malicious code in bioql PyPI...
EUVD-2023-25783
Malicious code in bioql PyPI...
EUVD-2022-1691
Malicious code in bioql PyPI...
EUVD-2023-54731
Malicious code in bioql PyPI...
EUVD-2024-23405
Malicious code in bioql PyPI...
EUVD-2024-1164
Malicious code in bioql PyPI...
EUVD-2023-26433
Malicious code in bioql PyPI...
EUVD-2021-29331
Malicious code in bioql PyPI...
EUVD-2024-39224
Malicious code in bioql PyPI...
EUVD-2023-52539
Malicious code in bioql PyPI...
EUVD-2024-2977
Malicious code in bioql PyPI...
EUVD-2022-4390
Malicious code in bioql PyPI...
EUVD-2024-23337
Malicious code in bioql PyPI...
GE Reason S20 Ethernet Switch Improper Neutralization of Input During Web Page Generation (CVE-2020-16246)
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting XSS, which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site...
PT-2025-40256
Name of the Vulnerable Software and Affected Versions Fiora chat application versions 1.0.0 through 1.0.0 Description The Fiora chat application has a file upload issue related to the user avatar upload functionality. The application does not properly validate SVG file content. This allows...
CVE-2025-4760
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher
An authenticated stored cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-55887
Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
CVE-2025-55888
Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...
PT-2025-37939
Name of the Vulnerable Software and Affected Versions: PPC 2K15X Router affected versions not specified Description: The router is susceptible to a reflected Cross-Site Scripting XSS attack due to improper input validation of Common Gateway Interface CGI parameters at its web management portal. A...