6238 matches found
EUVD-2025-7037
Malicious code in bioql PyPI...
EUVD-2023-36902
Malicious code in bioql PyPI...
EUVD-2024-41546
Malicious code in bioql PyPI...
EUVD-2024-33784
Malicious code in bioql PyPI...
EUVD-2025-8169
Malicious code in bioql PyPI...
EUVD-2025-3760
Malicious code in bioql PyPI...
EUVD-2022-3360
Malicious code in bioql PyPI...
EUVD-2023-29859
Malicious code in bioql PyPI...
EUVD-2025-13411
Malicious code in bioql PyPI...
EUVD-2024-19411
Malicious code in bioql PyPI...
EUVD-2022-50373
Malicious code in bioql PyPI...
PT-2025-40480
Name of the Vulnerable Software and Affected Versions: Easy Elementor Addons versions prior to 2.2.8. Description: The Easy Elementor Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in several widget...
CVE-2025-40989
CVE-2025-40989 describes a stored cross-site scripting vulnerability in Ekushey CRM v5.0 (Creativeitem) caused by insufficient validation of user input in the POST endpoint dealing with the applicant’s message, specifically the API path that includes the message parameter. The affected component ...
CVE-2025-6941
CVE-2025-6941 is a stored XSS in the WordPress plugin LatePoint (Calendar Booking Plugin for Appointments and Events). The issue arises from insufficient input sanitization/escaping in the id parameter of the latepoint_resources shortcode, affecting all versions up to and including 5.1.94. Exploi...
CVE-2025-10168
CVE-2025-10168: stored cross-site scripting in the WordPress Any News Ticker plugin via the any-ticker shortcode. All versions up to 3.1.1 are affected due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at contributor level or ...
CVE-2025-10182
CVE-2025-10182: WordPress dbview plugin versions up to 0.5.5 exposed a Stored Cross-Site Scripting vulnerability in the dbview shortcode due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject scripts that run when use...
CVE-2025-57873
A reflected cross-site scripting vulnerability affects Esri Portal for ArcGIS 11.4 and earlier. An authenticated administrator can supply a crafted string to trigger arbitrary JavaScript execution in the user’s browser. Root cause appears to be reflected XSS via input echoed in the page. Impact p...
CVE-2025-8440
The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-10136
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-60164
CVE-2025-60164 describes a CSRF flaw in the WordPress plugin NewsmanApp that enables a Stored XSS vector in versions up to 2.7.7. The connected documents identify the affected product and vulnerability type, but there are no details on exploits, exact impact beyond stored XSS, or a patch/recomme...