11 matches found
EUVD-2025-7917
Malicious code in bioql PyPI...
CVE-2025-30587
Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta lh-ogp-meta-tags allows Stored XSS. This issue affects LH OGP Meta: from n/a through <= 1.73...
CVE-2025-30587 WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta lh-ogp-meta-tags allows Stored XSS. This issue affects LH OGP Meta: from n/a through <= 1.73...
WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability
CSRF to Stored XSS Vulnerability discovered by Abdi Pranata in WordPress Plugin LH OGP Meta versions <= 1.73...
PT-2023-7206 · Unknown +2 · Bouncy Castle For Java +2
Name of the Vulnerable Software and Affected Versions: Bouncy Castle for Java versions prior to 1.73; BC-FJA versions prior to 1.0.2.4. Description: The issue is related to insufficient input validation in the Bouncy Castle org.bouncycastle.openssl.PEMParser class, which parses OpenSSL PEM encoded...
PYSEC-2023-67
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disable...
PT-2023-23730 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions up to and including 1.73. Description: A malicious user on a Synapse homeserver with permission to create certain state events can disable outbound federation from one homeserver to another. This is possible due to the lack of...
Input validation
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents being extracted from a specially crafted ZIP64 archive...
JVN#57842148: Lhaplus vulnerable to improper verification when expanding ZIP64 archives
Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding. Impact: Unintended content may be extracted from a crafted ZIP64 archive. Solution: Update the Software. Update to the latest version according to the information provided by the...
OneThird CMS Cross-Site Scripting Vulnerability (CNVD-2017-06227)
OneThird CMS is a lightweight content management system (CMS) for web application frameworks. A cross-site scripting vulnerability exists in the contact.php file in OneThird CMS 1.73 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
JVN#13003724: OneThird CMS vulnerable to cross-site scripting
OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form. Impact: An arbitrary script may be executed on the logged-in user's web browser. Solution: Update the Software. Update to the latest version according to the information provided by the...