190 matches found

CVE
added 2025/11/25 11:20 p.m., 7 views

CVE-2025-65956

Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...

CVSS 6.5, AI score 6, EPSS 0.00025
Exploits 1, References 3, Affected Software 1
OSV
added 2025/11/25 8:39 p.m., 3 views

GHSA-XV5P-FJW5-VRJ6 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Summary: The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...

CVSS 8.8, AI score 8.6, EPSS 0.00562
Exploits 1, References 5
NVD
added 2025/11/25 8:15 a.m., 1 views

CVE-2025-13383

The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $_GET superglobal array directly into the database via update_user_meta when users save search results,...

CVSS 6.1, EPSS 0.00154
Exploits 0, References 5
CVE
added 2025/11/25 7:28 a.m., 8 views

CVE-2025-13383

CVE-2025-13383 concerns the WordPress plugin “Job Board by BestWebSoft.” The issue is a stored XSS caused by unsafely storing the entire GET array via update_user_meta() and later outputting it without proper escaping, enabling unauthenticated attackers to inject scripts when users view saved sea...

CVSS 6.1, AI score 4.9, EPSS 0.00154
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-6103

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.00339
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-28869

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01807
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2014-0218

Malware in sbrugna...

CVSS 9, AI score 8.6, EPSS 0.01429
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-2510

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00418
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-1742

Malware in sbrugna...

CVSS 7.8, AI score 7.4, EPSS 0.00383
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2009-4460

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.03577
Exploits 2, References 5
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-3174

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.00253
Exploits 1, References 4
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2022-53921

Malicious code in bioql PyPI...

CVSS 8.9, AI score 8.7, EPSS 0.00227
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-24841

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.0021
Exploits 2, References 1
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-22409

Malicious code in bioql PyPI...

CVSS 8.6, AI score 8.5, EPSS 0.00057
Exploits 0, References 3
Redos
added 2025/10/01 12:00 a.m., 1 views

ROS-20251001-03

A vulnerability in the jQuery library exists due to insufficient cleansing of user-supplied data when passing elements to jQuery DOM methods. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform cross-site scripting attacks...

CVSS 6.9, AI score 7.3, EPSS 0.3466
Exploits 6
Tenable Nessus
added 2025/09/05 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-30944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The vulnerability was found in Moodle, which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote...

CVSS 7.3, AI score 6.4, EPSS 0.01078
Exploits 0, References 2
Vulnrichment
added 2025/09/04 11:12 a.m., 3 views

CVE-2025-41047 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/ace...

CVSS 5.1, AI score 5.7, EPSS 0.0004
Exploits 0, References 1
RedHat Linux
added 2025/08/28 4:54 p.m., 2 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...

CVSS 7.5, AI score 5.8, EPSS 0.00651
Exploits 0, References 5
OSV
added 2025/08/28 4:45 p.m., 1 views

CVE-2025-57819 FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issu...

CVSS 10, AI score 8.1, EPSS 0.76952
Exploits 10, References 6
OSV
added 2025/08/26 4:19 p.m., 0 views

GHSA-8MVJ-3J78-4QMW jsPDF Denial of Service (DoS)

Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...

CVSS 8.7, AI score 6.7, EPSS 0.00261
Exploits 1, References 6