PT-2025-46528

Name of the Vulnerable Software and Affected Versions Lite XL versions prior to 2.1.9 Description Lite XL automatically executes the .lite project.lua file when opening a project directory without user confirmation. This file is designed for project configuration but can contain executable Lua...

PT-2025-46529

Name of the Vulnerable Software and Affected Versions Lite XL versions 2.1.8 and prior Description Lite XL is a lightweight, cross-platform text editor written in Lua and C, designed for extensibility via plugins and project-specific modules. The application executes project-level Lua modules and...

EUVD-2007-4419

Malware in sbrugna...

EUVD-2006-2261

Malware in sbrugna...

EUVD-2025-31024

Malicious code in bioql PyPI...

CVE-2025-48867

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVE-2025-48867

CVE-2025-48867 describes a stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0. The issue allows authenticated admin/privileged users to inject malicious JavaScript into multiple fields in the Project and Task modules; payloads are stored in the database and execute when viewed b...

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

PT-2025-39309

Name of the Vulnerable Software and Affected Versions Horilla HRM version 1.3.0 Description Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS issue in Horilla HRM version 1.3.0 allows authenticated admin or privileged users to inject...

Horilla 跨站脚本漏洞

Horilla is a free and open source human resources software from Horilla, Inc. A cross-site scripting vulnerability exists in Horilla version 1.3.0, which stems from multiple fields in the Project and Task modules not being properly cleared for user input, and could lead to a stored cross-site...

CVE-2021-45041

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resourceid and startdate...

CVE-2024-29737

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

The vulnerability of the Project Module in the Apache StreamPark development and management environment allows a attacker to execute arbitrary commands.

The vulnerability of the Project Module in the Apache StreamPark development and management environment is related to incorrect processing of the "" element. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...

The vulnerability of the Project Module in the Apache StreamPark development and management environment allows a attacker to execute arbitrary commands.

The vulnerability of the Project Module in the Apache StreamPark development and management environment is related to incorrect processing of the element. Exploiting this vulnerability may allow an attacker to execute arbitrary commands remotely...

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVE-2024-29737

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

PT-2024-5250 · Apache · Apache Streampark

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions prior to 2.1.4 Description: The issue is related to incorrect handling of the character in the Project Module of Apache StreamPark, allowing remote attackers to execute arbitrary commands. The vulnerability can be...

BIT-SUITECRM-2021-45041

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resourceid and startdate...