259 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-43318

Malicious code in bioql PyPI...

8.8 CVSS | 6.5 AI score | 0.002 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-48810

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.00051 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-4339

Malicious code in bioql PyPI...

6.5 CVSS | 8.7 AI score | 0.00112 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-49602

Malicious code in bioql PyPI...

8.8 CVSS | 8.5 AI score | 0.00098 EPSS
Exploits: 0 | References: 1

NVD
added 2025/09/05 2:16 p.m. | 5 views

CVE-2025-58857

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Table of content content-table allows Stored XSS. This issue affects Table of content: from n/a through <= 1.5.3.1...

7.1 CVSS | 0.00047 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/09/05 1:45 p.m. | 9 views

CVE-2025-58857 WordPress Table of content Plugin <= 1.5.3.1 - Cross Site Request Forgery (CSRF) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Table of content content-table allows Stored XSS. This issue affects Table of content: from n/a through <= 1.5.3.1...

7.1 CVSS | 0.00047 EPSS
Exploits: 0 | References: 1

Packet Storm News
added 2025/07/17 12:0 a.m. | 2 views

Unveiling Usability Challenges in Web Privacy Controls

With the increasing concerns around privacy and the enforcement of data privacy laws, many websites now provide users with privacy controls. However, locating these controls can be challenging, as they are frequently hidden within multiple settings and layers. Moreover, the lack of standardizatio...

6.8 AI score
Exploits: 0

OSV
added 2025/06/25 6:41 p.m. | 3 views

DRUPAL-CONTRIB-2025-077

This module enables you to generate Table of content of your pages given a configuration. The module doesn't sufficiently sanitise data attributes allowing persistent Cross-site Scripting (XSS) attacks. This vulnerability is mitigated by the fact that an attacker must have a role with permission to...

6.1 CVSS | 6.1 AI score | 0.00182 EPSS
Exploits: 0 | References: 1

Patchstack
added 2025/06/25 12:0 a.m. | 5 views

Drupal Toc.js module < 3.2.1 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module Toc.js versions < 3.2.1...

6.1 CVSS | 6.1 AI score | 0.00182 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/05/23 10:48 a.m. | 3 views

CVE-2024-49250

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Table of Contents Plus table-of-contents-plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through = 2408...

8.8 CVSS | 5.9 AI score | 0.002 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:22 a.m. | 8 views

CVE-2024-7082

The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

6.1 CVSS | 6.1 AI score | 0.00244 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:2 a.m. | 2 views

CVE-2024-2953

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor permissio...

5.5 CVSS | 5.1 AI score | 0.00335 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:29 a.m. | 1 view

CVE-2024-5578

The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

4.8 CVSS | 6 AI score | 0.00228 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:27 a.m. | 4 views

CVE-2024-5573

The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

5.9 CVSS | 6 AI score | 0.00118 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 8:13 a.m. | 1 view

CVE-2024-9641

The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS | 5.3 AI score | 0.0017 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:40 a.m. | 5 views

CVE-2024-5029

The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

4.8 CVSS | 5.8 AI score | 0.00258 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 5:23 a.m. | 3 views

CVE-2023-7071

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possib...

6.4 CVSS | 5.8 AI score | 0.00225 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:38 a.m. | 4 views

CVE-2023-44473

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin = 2302 versions...

8.8 CVSS | 7.1 AI score | 0.00051 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 2:4 a.m. | 2 views

CVE-2023-6487

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4 CVSS | 6 AI score | 0.00239 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:49 a.m. | 3 views

CVE-2022-46820

Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin = 1.3.9 versions...

8.8 CVSS | 7.1 AI score | 0.00098 EPSS
Exploits: 0 | References: 1