MAL-2025-192943 Malicious code in telegrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2186dc29d07dc851d756bae0b5d080ebe5923efe6654fdb4aa9ec55bbba9b6a The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

PT-2025-53591

Name of the Vulnerable Software and Affected Versions FluentCMS version 1.2.3 Description The application does not properly sanitize input in the section, which can allow remote attackers to inject arbitrary script tags. This issue was identified after logging in as an administrator and navigatin...

FluentCMS 安全漏洞

FluentCMS is a content management system from FluentCMS open source. A security vulnerability exists in FluentCMS version 1.2.3, which stems from improper input cleanup in the head portion of the Add Page feature, which could lead to a remote attacker injecting arbitrary script tags...

CVE-2025-65270

Reflected cross-site scripting XSS vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

EUVD-2025-204425

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVE-2025-67845

Summary: CVE-2025-67845 is a directory traversal vulnerability in Mintlify Platform’s Static Asset Proxy Endpoint (prior to 2025-11-15). An attacker can craft a URL with traversal sequences to inject arbitrary web script or HTML. Affected components: Mintlify Platform, Static Asset Proxy Endpoint...

CVE-2025-67842

The CVE describes a vulnerability in Mintlify Platform’s Static Asset API where, prior to 2025-11-15, any tenant’s assets could be served on another tenant’s documentation site via the subdomain parameter, enabling remote arbitrary web script or HTML injection. Affected component: Static Asset AP...

CVE-2025-63949

A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...

PT-2025-52406

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing pa...

CVE-2025-66924

A Cross-site scripting XSS vulnerability in Create/Update Item Kits in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation in user name fields First Name, Middle Name, Last Name, which allows a remote attacker to inject arbitrary web scripts or HTML via...

Malicious code in bigpyx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7a1bcd636394f1505534cf691576b00e8686aa14474e8a209c94f8213310b128 Continuation of the campaign with a slight different obfuscation of the malicious code, but there seems to be no difference in the behavior. The malicious code...

MAL-2025-192430 Malicious code in bigpyx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7a1bcd636394f1505534cf691576b00e8686aa14474e8a209c94f8213310b128 Continuation of the campaign with a slight different obfuscation of the malicious code, but there seems to be no difference in the behavior. The malicious code...

CVE-2025-34409

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVE-2025-34400

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

CVE-2025-34400 MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

EUVD-2025-202192

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

Malicious code in bignum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...