PT-2025-47467

Name of the Vulnerable Software and Affected Versions DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392 DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805 DataDirect Connect for JDBC for Hive versions through 6.0.1.001499 DataDirect Connect...

EUVD-2025-197808

Cross-Site Scripting XSS vulnerability exists in SourceCodester AI Font Matcher nid=18425, 2025-10-10 that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly...

Malicious code in python-rootpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb867560d676e7b79ce110b230906a9630feb223cbcb6072bff5a2636c60a3c7 Hidden code downloads, saves and import a remote script. The package itself is a clone of a legitimate "rootpath". At the time of analysis, the remote script d...

MAL-2025-191841 Malicious code in python-rootpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb867560d676e7b79ce110b230906a9630feb223cbcb6072bff5a2636c60a3c7 Hidden code downloads, saves and import a remote script. The package itself is a clone of a legitimate "rootpath". At the time of analysis, the remote script d...

CVE-2025-63713

Cross-Site Scripting XSS vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...

CVE-2025-62264

CVE-2025-62264 describes a reflected XSS in Liferay Portal and Liferay DXP via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId parameter. Affected versions include Liferay Portal 7.4.3.8–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.10, 2023.Q4.0–2023.Q4...

MAL-2025-191874 Malicious code in speed-testing-nt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dcfc1b92868e7f4eef0f4c0e901418a557089fe5269a1e4ef07725d397cddbb3 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVE-2025-62265

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

EUVD-2025-37011

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

CVE-2025-50574

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

MAL-2025-191876 Malicious code in speedd-testing-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aaec37a58d7717b510aa569770af696e33ae7f9a59e733af3d6341d712f0d66 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Malicious code in speedd-testing-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aaec37a58d7717b510aa569770af696e33ae7f9a59e733af3d6341d712f0d66 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

GHSA-8MGF-RGG5-W38Q Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

Brother MFC-J4410DW Printers Cross-site Scripting (CVE-2015-1056)

Cross-site scripting XSS vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages. This plugin only works with Tenable.ot. Please visit...

CVE-2017-20202

Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...

CVE-2025-62237

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVE-2025-62240

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

CVE-2025-43830

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...