317 matches found
CVE-2025-13377
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
EUVD-2025-37503
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p6, and all prior versions allow some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a...
CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...
CVE-2025-53533
CVE-2025-53533 affects Pi-hole Admin Interface ≤ 6.2.1. It is a reflected XSS in the 404 page caused by including the requested path in the body tag’s class attribute without proper sanitization, enabling an attacker to craft a link with an onload attribute that executes arbitrary JavaScript in a...
CVE-2025-62421 DataEase vulnerable to stored cross-site scripting via file upload bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
EUVD-2019-0781
Malware in sbrugna...
EUVD-2014-2880
Malware in sbrugna...
EUVD-2007-2324
Malware in sbrugna...
EUVD-2020-1289
Malware in sbrugna...
EUVD-2016-10296
Malware in sbrugna...
EUVD-2020-29051
Malware in sbrugna...
EUVD-2023-46060
Malicious code in bioql PyPI...
EUVD-2022-3974
Malicious code in bioql PyPI...
EUVD-2024-23539
Malicious code in bioql PyPI...
EUVD-2023-30089
Malicious code in bioql PyPI...
EUVD-2024-0932
Malicious code in bioql PyPI...
EUVD-2022-53402
Malicious code in bioql PyPI...
EUVD-2022-0181
Malicious code in bioql PyPI...
CVE-2025-56154
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint. The name parameter is not properly sanitized before being reflected in the HTML response, enabling injection of arbitrary JavaScript. The CVE description confirms the affected software and the vulnerability locatio...
Remote Code Execution (RCE)
github.com/tnborg/panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...