82 matches found
EUVD-2009-1475
Malware in sbrugna...
EUVD-2020-2568
Malware in sbrugna...
EUVD-2020-14759
Malware in sbrugna...
EUVD-2024-47413
Malicious code in bioql PyPI...
EUVD-2023-35760
Malicious code in bioql PyPI...
EUVD-2023-2896
Malicious code in bioql PyPI...
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
Linux Distros Unpatched Vulnerability : CVE-2020-29547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS...
Cross-Site WebSocket Hijacking (CSWSH)
github.com/komari-monitor/komari, is vulnerable to Cross-Site WebSocket Hijacking CSWSH. The vulnerability is due to disabled origin checking, which allows an attacker to hijack authenticated user WebSocket connections...
Linux Distros Unpatched Vulnerability : CVE-2016-10376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gajim through 0.16.7 unconditionally implements the XEP-0146: Remote Controlling Clients extension. This can be abused by malicious XMPP servers to, for example...
CVE-2025-55288 Genealogy has a Reflected XSS Vulnerability
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting XSS vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and U...
CVE-2024-41985
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle...
Linux Distros Unpatched Vulnerability : CVE-2025-4035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least...
PT-2025-24231 · Unknown · Wpsoul Greenshift
Name of the Vulnerable Software and Affected Versions: wpsoul Greenshift versions n/a through 11.5.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This means that an attacker coul...
CVE-2024-52523
Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active sessi...
CVE-1999-0202
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands...
Exploit for CVE-2525-25748
CVE-2025-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-i...
CVE-2025-1801
Summary (CVE-2025-1801): A race-condition vulnerability in the Red Hat Ansible Automation Platform (AAP) 2.5 gateway’s aap-gateway GRPC service could let a less-privileged user obtain a greater-privileged user’s JWT, risking session data and server integrity. CVSS v3.1 base score 8.1 (HIGH) with ...
PT-2025-7832 · Unknown · Rustaurius Front End Users
Name of the Vulnerable Software and Affected Versions: Rustaurius Front End Users versions 3.2.30 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scrip...
CVE-2024-53943
An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...