
4531 matches found

Vulnrichment
added 2025/12/18 12:00 a.m., 1 view

CVE-2025-63949

A reflected cross-site scripting (XSS) vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...

AI score 5.8, EPSS 0.00056
Exploits: 1, References: 2
Positive Technologies
added 2025/12/18 12:00 a.m., 3 views

PT-2025-52406

Name of the vulnerable software and affected versions: Mintlify Platform versions prior to 2025-11-15. Description: A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing pa...

CVSS 6.4, AI score 6.4, EPSS 0.00104
Exploits: 1, References: 14
NVD
added 2025/12/17 6:15 p.m., 1 view

CVE-2025-66924

A cross-site scripting (XSS) vulnerability in Create/Update Item Kits in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

CVSS 6.1, EPSS 0.00043
Exploits: 1, References: 2
Veracode
added 2025/12/13 5:04 a.m., 2 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation in the user name fields (First Name, Middle Name, Last Name), which allows a remote attacker to inject arbitrary web scripts or HTML via...

CVSS 6.1, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 4, Affected software: 1
OSSF Malicious Packages
added 2025/12/10 8:44 a.m., 3 views

Malicious code in bigpyx (PyPI)

Source: kam193 (7a1bcd636394f1505534cf691576b00e8686aa14474e8a209c94f8213310b128). Continuation of the campaign with a slightly different obfuscation of the malicious code, but there seems to be no difference in the behavior. The malicious code...

AI score 7.2
Exploits: 0, References: 2
OSV
added 2025/12/10 8:44 a.m., 1 view

MAL-2025-192430: Malicious code in bigpyx (PyPI)

Source: kam193 (7a1bcd636394f1505534cf691576b00e8686aa14474e8a209c94f8213310b128). Continuation of the campaign with a slightly different obfuscation of the malicious code, but there seems to be no difference in the behavior. The malicious code...

AI score 7.1
Exploits: 0, References: 2
NVD
added 2025/12/09 6:15 p.m., 2 views

CVE-2025-34409

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVSS 6.1, EPSS 0.00014
Exploits: 0, References: 3
NVD
added 2025/12/09 6:15 p.m., 1 view

CVE-2025-34400

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

CVSS 6.1, EPSS 0.00011
Exploits: 0, References: 3
Cvelist
added 2025/12/09 6:09 p.m., 17 views

CVE-2025-34400: MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

CVSS 5.3, EPSS 0.00011
Exploits: 0, References: 3
EUVD
added 2025/12/09 6:08 p.m., 2 views

EUVD-2025-202192

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

CVSS 6.1, AI score 5.3, EPSS 0.00011
Exploits: 0, References: 4
OSSF Malicious Packages
added 2025/12/09 4:32 p.m., 3 views

Malicious code in bignum (PyPI)

Source: kam193 (251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5). In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to secretly run remote code and cover its tracks...

AI score 7.7
Exploits: 0, References: 2
OSV
added 2025/12/09 8:01 a.m., 2 views

MAL-2025-192385: Malicious code in graphsync (PyPI)

Source: kam193 (dbb10327d6553750848c2b849abba1ed717438928a6cfdc148b73de73db8e9db). This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...

AI score 7.2
Exploits: 0, References: 2
Positive Technologies
added 2025/12/09 12:00 a.m., 4 views

PT-2025-50140

Name of the vulnerable software and affected versions: MailEnable versions prior to 10.54. Description: The software contains a reflected cross-site scripting (XSS) issue in the FieldBcc parameter of the /Mondo/lang/sys/Forms/AddressBook.aspx endpoint. The FieldBcc value is not properly sanitized...

CVSS 6.1, AI score 5.6, EPSS 0.00011
Exploits: 0, References: 5
OSSF Malicious Packages
added 2025/12/05 4:58 p.m., 3 views

Malicious code in rendom (PyPI)

Source: kam193 (1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa). The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...

AI score 7.1
Exploits: 0, References: 2
OSV
added 2025/12/05 4:58 p.m., 3 views

MAL-2025-192323: Malicious code in rendom (PyPI)

Source: kam193 (1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa). The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...

AI score 7
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/12/05 1:45 p.m., 5 views

Malicious code in joyboyw (PyPI)

Source: kam193 (36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242). Contains a function to silently download malware. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: ...

AI score 7
Exploits: 0, References: 2
OSV
added 2025/12/05 1:45 p.m., 1 view

MAL-2025-192322: Malicious code in joyboyw (PyPI)

Source: kam193 (36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242). Contains a function to silently download malware. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: ...

AI score 6.9
Exploits: 0, References: 2
EUVD
added 2025/12/04 3:30 p.m., 1 view

EUVD-2025-201188

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

CVSS 5.1, AI score 5, EPSS 0.00026
Exploits: 1, References: 5
Tenable Nessus
added 2025/12/04 12:00 a.m., 2 views

Adobe Experience Manager (AEM) Groovy Console

The remote Adobe Experience Manager (AEM) instance exposes a Groovy console that allows users to execute arbitrary Groovy scripts on the server. This can lead to remote code execution and complete compromise of the AEM instance and the underlying server. No source data...

AI score 8.4
Exploits: 0
OSSF Malicious Packages
added 2025/11/23 4:18 p.m., 3 views

Malicious code in speed-testing-vps (PyPI)

Source: kam193 (227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b). The package, disguised as a speed-testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer. Category: ...

AI score 7.1
Exploits: 0, References: 2