CVE-2025-59994

CVE-2025-59994 affects Juniper Junos Space prior to 24.1R4, with an XSS flaw in the Quick Template page due to improper input neutralization during web page generation. An attacker can inject scripts that, when viewed by another user, may execute commands with the target’s permissions (including ...

CVE-2025-59993

CVE-2025-59993 affects Juniper Networks Junos Space before version 24.1R4. The issue is an XSS vulnerability in the Space Node Setting fields (and related pages) where improper input neutralization allows injection of script tags, enabling an attacker to run commands with the target user’s privil...

CVE-2025-59982

CVE-2025-59982 affects Juniper Networks Junos Space prior to 24.1R4. Affected component: web page generation for the dashboard/search input. Root cause: improper input neutralization allows cross-site scripting (reflected) that can inject script tags; when visited by another user, it can execute ...

CVE-2025-59981

CVE-2025-59981 corresponds to a Cross-site Scripting (XSS) flaw in Juniper Networks Junos Space prior to version 24.1R4. The issue arises from improper input neutralization during web page generation on the Device Template Definition page, allowing an attacker to inject script tags that, when vie...

CVE-2025-11204 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

Linux Distros Unpatched Vulnerability : CVE-2025-11146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management...

EUVD-2025-30215

Malicious code in bioql PyPI...

EUVD-2024-40619

Malicious code in bioql PyPI...

EUVD-2024-37524

Malicious code in bioql PyPI...

EUVD-2022-44625

Malicious code in bioql PyPI...

EUVD-2025-31607

Malicious code in bioql PyPI...

EUVD-2024-42362

Malicious code in bioql PyPI...

EUVD-2025-28502

Malicious code in bioql PyPI...

EUVD-2025-25282

Malicious code in bioql PyPI...

CVE-2025-59761

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59774

AndSoft e-TMS v25.03 is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises from lack of proper filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn within the /clt/LOGINFRM_VON.ASP endpoint, enabling an attacker to c...

CVE-2025-57873

A reflected cross-site scripting vulnerability affects Esri Portal for ArcGIS 11.4 and earlier. An authenticated administrator can supply a crafted string to trigger arbitrary JavaScript execution in the user’s browser. Root cause appears to be reflected XSS via input echoed in the page. Impact p...

CVE-2025-57483

A reflected cross-site scripting XSS vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the vulnerable parameter...

CVE-2025-11146

Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...

WordPress plugin Traveler 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...