6691 matches found
EUVD-2023-34526
Malicious code in bioql PyPI...
EUVD-2023-44000
Malicious code in bioql PyPI...
EUVD-2024-39871
Malicious code in bioql PyPI...
EUVD-2025-25609
Malicious code in bioql PyPI...
EUVD-2023-43477
Malicious code in bioql PyPI...
EUVD-2023-31260
Malicious code in bioql PyPI...
EUVD-2022-5795
Malicious code in bioql PyPI...
firefox security update
An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
AZL-68285 CVE-2025-46818 affecting package redis for versions less than 6.2.20-1
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
UBUNTU-CVE-2025-46819
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...
CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
EUVD-2025-32260
The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress plugin Epic Bootstrap Buttons cross-site scripting vulnerability
WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...
WordPress plugin Fintelligence Calculator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...
WordPress plugin Easy Elementor Addons cross-site scripting vulnerability
The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...
CVE-2025-60452
MetInfo CMS v8.0 contains a stored XSS in the download management module (app\system\download\admin\download_admin.class.php) caused by accepting unvalidated SVG uploads (containing JavaScript) that execute when viewed. Red Hat and other sources corroborate the same description. Impact is a store...
CVE-2025-57393
A stored cross-site scripting (XSS) vulnerability in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2025-56379
A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...
Cross-site Scripting (XSS)
Overview: local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete HTML sanitization in the client-side PDF export pipeline. An attacker can exploit...