CVE-2023-53906
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
CVE-2023-53906 ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
PT-2025-51944
Name of the Vulnerable Software and Affected Versions projectSend version r1605 Description The software contains a stored cross-site scripting issue. Authenticated administrators can inject malicious JavaScript through the custom assets configuration page. An attacker can create a JavaScript...
CVE-2023-53903
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...
EUVD-2023-60187
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...
APT-ClaritySet: A Large-Scale, High-Fidelity Labeled Dataset for APT Malware with Alias Normalization and Graph-Based Deduplication
Large-scale, standardized datasets for Advanced Persistent Threat APT research are scarce, and inconsistent actor aliases and redundant samples hinder reproducibility. This paper presents APT-ClaritySet and its construction pipeline that normalizes threat actor aliases reconciling approximately...
MAL-2025-192576 Malicious code in sd-security (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 429e5a82bf0260fda2c531fb7909cf8b8417e424119df889ee7bad0ca4b439c2 The package sd-security was found to contain malicious code. Source: ghsa-malware e295e65302840407a5f64ae51ff2616121573aa518cd29d40198edf692c604de An...
CVE-2025-43494
A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent denial-of-service...
Persistent HTML Injection
privatebin/privatebin is vulnerable to persistent HTML injection. The vulnerability is due to an unsanitized attachment filename attachmentname when attachments are enabled, which allows an attacker to modify the filename before encryption so that, after decryption, arbitrary HTML is inserted...
CVE-2024-58292
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...
MAL-2025-192556 Malicious code in cms_comp_static (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e057568833f54e2250c5364e595d7a3046f4eb94f2484b9a0a2236b948cb10f The package cmscompstatic was found to contain malicious code. Source: ghsa-malware 38ce02191cf2d82246d56083ba8f7c2c4c0f14a71060bf8beaea95851f3c7a1e...
EIP-7702 Phishing Attack
EIP-7702 introduces a delegation-based authorization mechanism that allows an externally owned account (EOA) to authenticate a single authorization tuple, after which all subsequent calls are routed to arbitrary delegate code. We show that this design enables a qualitatively new class of phishing...
CVE-2024-58292 XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...
XMB Forum Cross-Site Scripting Vulnerability
XMB Forum is an open source forum system by XMB. A cross-site scripting vulnerability exists in XMB Forum version 1.9.12.06, which stems from persistent cross-site scripting in the template and homepage settings, which could lead to script execution by all forum users...
aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway path. A malicious or socially engineered administrator can configure a...
MAL-2025-192397 Malicious code in @onlytoodles/crypto-jsa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 731c33f548ff79b458afc89fa8f3158762537acf2db8d026864792bb3222be7c The package @onlytoodles/crypto-jsa was found to contain malicious code. Source: ghsa-malware...
CVE-2025-62631
An insufficient session expiration vulnerability (CWE-613) in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's passwor...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
Fortinet FortiOS Code Issue Vulnerability
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A code issue...