Lucene search

29 matches found

Nuclei · added 2 days ago · 92 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8 · AI score 7.8 · EPSS 0.69506
Exploits: 1 · References: 5

RedhatCVE · added 2026/01/10 5:41 a.m. · 0 views

CVE-2025-69169

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection. This issue affects Easy Media Download: from n/a through = 1.1.11...

CVSS 5.4 · AI score 5.9 · EPSS 0.00025
Exploits: 0 · References: 1

NVD · added 2026/01/08 10:15 a.m. · 3 views

CVE-2025-69169

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection. This issue affects Easy Media Download: from n/a through = 1.1.11...

CVSS 5.4 · EPSS 0.00025
Exploits: 0 · References: 1

CNNVD · added 2026/01/08 12:0 a.m. · 1 views

WordPress plugin Easy Media Download security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.4 · AI score 6.8 · EPSS 0.00025
Exploits: 0 · References: 1

Positive Technologies · added 2026/01/08 12:0 a.m. · 1 views

PT-2026-1931

Name of the Vulnerable Software and Affected Versions Easy Media Download versions through 1.1.11 Description The software contains an Improper Neutralization of Script-Related HTML Tags in a Web Page issue, leading to Reflection Injection. This allows for a Basic Cross-Site Scripting XSS...

CVSS 5.4 · AI score 5.5 · EPSS 0.00025
Exploits: 0 · References: 5

EUVD · added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-29619

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00047
Exploits: 0 · References: 2

RedhatCVE · added 2025/09/18 2:24 p.m. · 4 views

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVSS 9.8 · AI score 5.9 · EPSS 0.00047
Exploits: 0 · References: 1

NVD · added 2025/09/16 2:15 p.m. · 6 views

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVSS 9.8 · EPSS 0.00047
Exploits: 0 · References: 1

CVE · added 2025/09/16 2:0 p.m. · 15 views

CVE-2025-8276

CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...

CVSS 9.8 · AI score 5.5 · EPSS 0.00047
Exploits: 0 · References: 1

Vulnrichment · added 2025/09/16 2:0 p.m. · 3 views

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVSS 4.3 · AI score 5.5 · EPSS 0.00047
Exploits: 0 · References: 1

Cvelist · added 2025/09/16 2:0 p.m. · 7 views

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVSS 4.3 · EPSS 0.00047
Exploits: 0 · References: 1

Tenable Nessus · added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-30287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to...

CVSS 8 · AI score 8.2 · EPSS 0.226
Exploits: 1 · References: 2

RedhatCVE · added 2025/02/05 5:42 a.m. · 0 views

CVE-2024-49632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Senthil Vel CWD 3D Image Gallery cwd-3d-image-gallery allows Reflection Injection. This issue affects CWD 3D Image Gallery: from n/a through = 1.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00176
Exploits: 0 · References: 1

NVD · added 2024/01/16 7:15 p.m. · 18 views

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8 · AI score 8.9 · EPSS 0.69506
Exploits: 1 · References: 4

Vulnrichment · added 2024/01/16 6:50 p.m. · 20 views

CVE-2024-0200 Unsafe Reflection in Github Enterprise Server leading to Command Injection

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 7.2 · AI score 9.9 · EPSS 0.69506
Exploits: 1 · References: 4

Positive Technologies · added 2023/12/26 12:0 a.m. · 3 views

PT-2023-8397 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.8.13 GitHub Enterprise Server versions prior to 3.9.8 GitHub Enterprise Server versions prior to 3.10.5 GitHub Enterprise Server versions prior to 3.11.3 GitHub Enterprise Server versions prior to...

CVSS 9.8 · AI score 8.1 · EPSS 0.69506
Exploits: 1 · References: 42

Cvelist · added 2023/11/30 4:58 p.m. · 13 views

CVE-2023-2267 Improper input validation could lead to reflection injection attacks

An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details...

CVSS 4.3 · AI score 5.7 · EPSS 0.00246
Exploits: 0 · References: 1

Tenable Nessus · added 2022/08/31 12:0 a.m. · 30 views

Debian dla-3090 : php-horde-turba - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3090 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8 · AI score 8 · EPSS 0.226
Exploits: 1 · References: 4

OpenVAS · added 2022/08/03 12:0 a.m. · 19 views

Horde Groupware Webmail <= 5.2.22 RCE Vulnerability (May 2022)

Horde Groupware Webmail is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8 · AI score 8 · EPSS 0.226
Exploits: 1 · References: 1

OSV · added 2022/07/28 10:15 p.m. · 23 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

CVSS 8 · AI score 7.2
Exploits: 0 · References: 4