62 matches found
CVE-2025-34257
The CVE-2025-34257 entry concerns Advantech WISE-DeviceOn Server (versions prior to 5.4). A stored XSS exists in the /rmm/v1/action/defined endpoint: when an authenticated user creates a task, the defined_name value is stored and later rendered in the Overview page without HTML sanitization. The ...
PT-2025-49278
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the defined_name value is stored and later rendered in the Overview page without HTML sanitization. An...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
PT-2025-45495
Name of the Vulnerable Software and Affected Versions: Sourcecodester AI-Powered To-Do List App version 1.0 Description: The application is susceptible to Cross-Site Scripting (XSS) attacks. Specifically, the "Task Title" and "Description (Optional)" fields are vulnerable when creating a new task. An...
CVE-2025-63638
The CVE-2025-63638 entry corresponds to a Cross-Site Scripting (XSS) vulnerability in Sourcecodester AI-Powered To-Do List App v1.0. According to multiple sources (NVD, Red Hat, ENISA/EUVD, CVE/CVEList, CNNVD), the flaw affects the Task Title and the Description (Optional) fields when creating a ...
SUSE CVE-2025-40024
In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake...
PT-2025-43620
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains an issue where a race condition can occur within the vhost subsystem. Specifically, vhost_task_create creates a task and maintains a reference to its task_struc...
EUVD-2020-13254
Malware in sbrugna...
EUVD-2023-36355
Malicious code in bioql PyPI...
CVE-2023-32087
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation...
DRUPAL-CONTRIB-2025-018
The GDPR Task submodule enables you to create GDPR tasks. The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when creating tasks...
General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018
The GDPR Task submodule enables you to create GDPR tasks. The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when creating tasks...
ManageEngine ServiceDesk Plus < 14.9 Build 14920
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.9 Build 14920. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2024-50053 advisory. - A stored cross-site scripting (XSS) vulnerability allowed authenticated technicians to...
PT-2024-16339 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress version 2.6.14 Description: The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the check method of the Create Milestone,...
pulpcore: RBAC permissions incorrectly assigned in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...
Unencrypted Task Creation
vantage6 is vulnerable to Unencrypted Task Creation. The vulnerability is due to improper validation to check if the task is encrypted and if a task is created in an encrypted collaboration...
Cross site scripting
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation...