86 matches found
Cross-site Scripting (XSS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of attribute spreading and dynamic name attributes within form elements. An attacker can inject malicious scripts by manipulating both the sprea...
GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
QRMenümPro Menu Panel security vulnerabilities
QRMenümPro Menu Panel is a backend management panel for the intelligent menu system developed by the Turkish company QRMenümPro. The QRMenümPro Menu Panel versions dated 29012026 and earlier contained security vulnerabilities. These vulnerabilities were caused by user-controllable keys that allow...
CVE-2024-34698
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...
Aksis AxOnboard security vulnerability
Aksis AxOnboard is a human resource management software from the Turkish company Aksis. A security vulnerability exists in Aksis AxOnboard version 3.2.0 up to and including version 3.3.0, which originates from a user-controllable key leading to an authorization bypass that could exploit trusted...
WordPress plugin Miraculous Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CB Project CVLand security vulnerability
CB Project CVLand is a recruitment mobile application from CB Project Turkey. A security vulnerability exists in CB Project CVLand versions 2.1.0 through 20251103, which stems from a user-controllable key leading to an authorization bypass that could lead to a parameter injection attack...
AKINSOFT QRMenu security vulnerability
AKINSOFT QRMenu is a digital menu system from the Turkish company AKINSOFT. A security vulnerability exists in AKINSOFT QRMenu version 1.05.12 up to and including version 05.09.2025, which originates from a user-controllable key leading to authorization bypass, which may lead to privilege abuse...
EUVD-2017-1242
Malware in sbrugna...
EUVD-2021-25059
Malware in sbrugna...
EUVD-2024-34994
Malicious code in bioql PyPI...
EUVD-2023-23476
Malicious code in bioql PyPI...
EUVD-2025-7080
Malicious code in bioql PyPI...
Anadolu Hayat Emeklilik AHE Mobile security vulnerability
Anadolu Hayat Emeklilik AHE Mobile is a pension plan mobile application from Anadolu Hayat Emeklilik, Turkey. A security vulnerability exists in Anadolu Hayat Emeklilik AHE Mobile version 1.9.7 up to and including version 1.9.9, which stems from a user-controllable key leading to an authorization...
WordPress plugin Upcoming Events Lists security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
Esbi Bilişim Auto Service Software security vulnerability
Esbi Bilişim Auto Service Software is an auto service software from Esbi Bilişim, Turkey. A security vulnerability exists in Esbi Bilişim Auto Service Software version 4.56.00.00 and prior versions, which originates from a user-controllable SQL primary key leading to an authorization bypass, whic...
Patika Global HumanSuite security vulnerability
Patika Global HumanSuite is a human resource management platform from Patika Global, Turkey. A security vulnerability exists in Patika Global HumanSuite versions prior to 53.21.0, which stems from a user-controllable key leading to authorization bypass and improper authorization, which could be...
Beefull App security vulnerability
Beefull App is a shared energy network application from Beefull Turkey. A security vulnerability exists in Beefull App versions prior to 24.07.2025, which stems from a user-controllable key leading to an authorization bypass that could exploit trusted identifiers...
[SECURITY] Fedora 41 Update: rust-hashlink-0.10.0-1.fc41
HashMap-like containers that hold their key-value pairs in a user controllable order...
CVE-2024-8556
A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...