
296 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-26261

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 4.8 | EPSS 0.00091
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28855

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 4.9 | EPSS 0.00086
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29001

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 4.9 | EPSS 0.00057
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-29715

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 4.9 | EPSS 0.00041
Exploits: 0 | References: 5

OpenVAS
added 2025/10/01 12:0 a.m. | 7 views

Joomla! XSS Vulnerability (20250901)

Joomla! is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:joomla:joomla";...

CVSS 4.8 | AI score 4.7 | EPSS 0.00056
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/29 8:44 p.m. | 4 views

CVE-2025-11119

A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/29 5:55 p.m. | 3 views

CVE-2025-11112

A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 6.1 | AI score 5.4 | EPSS 0.00042
Exploits: 1 | References: 1

OSV
added 2025/09/26 4:15 p.m. | 4 views

CVE-2025-11027

A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once aga...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 4

OSV
added 2025/09/25 11:15 a.m. | 1 views

CVE-2025-10940

A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layoutssave of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit h...

CVSS 4.8 | AI score 5.6
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/21 12:0 a.m. | 1 views

PT-2025-38647

Name of the Vulnerable Software and Affected Versions: htmly versions up to 3.1.0 Description: A security issue has been identified in htmly. Manipulation of the label argument in an unknown function within the file /htmly/admin/field/post of the Custom Field Handler component can lead to cross-sit...

CVSS 4.8 | AI score 2.9 | EPSS 0.00036
Exploits: 1 | References: 7

RedhatCVE
added 2025/09/20 1:57 a.m. | 5 views

CVE-2025-10642

A vulnerability has been found in wangchenyi1996 chatforum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a...

CVSS 5.1 | AI score 3.6 | EPSS 0.00042
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/17 12:0 a.m. | 4 views

PT-2025-38140

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the abreviatura/tipoacao argument in the /intranet/educar funcao cad.php file within...

CVSS 5.4 | AI score 3.6 | EPSS 0.0004
Exploits: 0 | References: 8

RedhatCVE
added 2025/09/15 6:7 p.m. | 5 views

CVE-2025-10370

A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...

CVSS 5.1 | AI score 5.5 | EPSS 0.00425
Exploits: 3 | References: 1

Positive Technologies
added 2025/09/14 12:0 a.m. | 6 views

PT-2025-37397

Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0 Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component,...

CVSS 5.3 | AI score 4.5 | EPSS 0.00045
Exploits: 0 | References: 8

Vulnrichment
added 2025/09/13 2:2 p.m. | 2 views

CVE-2025-10367 MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting

A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public...

CVSS 5.1 | AI score 3.6 | EPSS 0.00048
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/13 1:32 p.m. | 2 views

CVE-2025-10366 MiczFlor RPi-Jukebox-RFID inc.setWlanIpMail.php cross site scripting

A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVSS 5.1 | AI score 3.7 | EPSS 0.00048
Exploits: 1 | References: 5

RedhatCVE
added 2025/09/11 1:22 a.m. | 2 views

CVE-2025-10117

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetchtasks.php of the component Add New Task. Executing manipulation with the input can lead to cross site scripting. The attack can be executed remotely. The exploit has be...

CVSS 5.4 | AI score 3.7 | EPSS 0.00051
Exploits: 1 | References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-25050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the...

CVSS 6.1 | AI score 4 | EPSS 0.00585
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/09 1:30 a.m. | 4 views

CVE-2025-10066

A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...

CVSS 6.1 | AI score 3.8 | EPSS 0.00067
Exploits: 1 | References: 1

CVE
added 2025/09/08 7:2 a.m. | 9 views

CVE-2025-10088

CVE-2025-10088 affects SourceCodester Time Tracker 1.0. An unknown function in /index.html is vulnerable when manipulating the project-name parameter, enabling cross-site scripting that could be triggered remotely. Exploit is publicly available (PoC). A practical interim mitigation from PT-2025-3...

CVSS 5.4 | AI score 5.5 | EPSS 0.00051
Exploits: 1 | References: 5 | Affected Software: 1