123 matches found
CVE-2025-65026 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
PT-2025-45365
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...
EUVD-2008-3182
Malware in sbrugna...
EUVD-2005-0310
Malware in sbrugna...
EUVD-2021-14070
Malware in sbrugna...
EUVD-2025-27770
Malicious code in bioql PyPI...
EUVD-2022-48090
Malicious code in bioql PyPI...
CVE-2025-57058
Tenda G3 v3.0brV15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-57058
Affected software: Tenda G3 (v3.0br_V15.11.0.17). Vulnerability: stack overflow in the formSetDebugCfg function, exploitable via the pEnable, pLevel, and pModule parameters. Impact: Denial of Service (DoS) via a crafted request. Notes: Multiple connected documents confirm the function and paramet...
CVE-2025-30055
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter...
CVE-2025-30055
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter...
CVE-2025-30055 Conditional RCE via the "system" function
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter...
CVE-2025-30055
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2025-30055 Conditional RCE via the "system" function
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter...
PT-2025-34850 · Cgm · Cgm Clininet
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The system function is susceptible to accepting untrusted input from a user. When the EnableJSCaching option is enabled, it becomes possible to execute...
No Boss Calendar SQL注入漏洞
No Boss Calendar is a Joomla calendar plugin from Brazilian company No Boss. A SQL injection vulnerability exists in No Boss Calendar versions prior to 5.0.7, which stems from an SQL injection in the idmodule parameter...
CVE-2022-1504
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks...
CVE-2022-45182
Pi-StarDVDash for Pi-Star DV before 5aa194d mishandles the module parameter...
CVE-2010-4357
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter...
CVE-2016-1000005
mcryptgetblocksize did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1...