CVE-2025-53533
CVE-2025-53533 affects Pi-hole Admin Interface ≤ 6.2.1. It is a reflected XSS in the 404 page caused by including the requested path in the body tag’s class attribute without proper sanitization, enabling an attacker to craft a link with an onload attribute that executes arbitrary JavaScript in a...
CVE-2025-62421 DataEase vulnerable to stored cross-site scripting via file upload bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
EUVD-2007-2324
Malware in sbrugna...
EUVD-2020-29051
Malware in sbrugna...
EUVD-2019-0781
Malware in sbrugna...
EUVD-2016-10296
Malware in sbrugna...
EUVD-2020-1289
Malware in sbrugna...
EUVD-2014-2880
Malware in sbrugna...
EUVD-2023-46060
Malicious code in bioql PyPI...
EUVD-2022-3974
Malicious code in bioql PyPI...
EUVD-2024-23539
Malicious code in bioql PyPI...
EUVD-2022-53402
Malicious code in bioql PyPI...
EUVD-2022-0181
Malicious code in bioql PyPI...
EUVD-2024-0932
Malicious code in bioql PyPI...
EUVD-2023-30089
Malicious code in bioql PyPI...
CVE-2025-56154
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint. The name parameter is not properly sanitized before reflecting in the HTML response, enabling injection of arbitrary JavaScript. The CVE description confirms the affected software and the vulnerability locatio...
Remote Code Execution (RCE)
github.com/tnborg/panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...
Improper Output Neutralization for Logs
Overview: litestar (Litestar) is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the exception logging process. An attacker can manipulate log files and forge log entries by...
RatPanel can perform remote command execution without authorization
Summary: When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability...
PT-2025-31881 · Ratpanel · Ratpanel
Name of the Vulnerable Software and Affected Versions: RatPanel versions 2.3.19 through 2.5.5. Description: RatPanel is susceptible to remote code execution (RCE) and unauthorized access. An attacker who obtains the backend login path of RatPanel can execute system commands or take over hosts manage...