17 matches found
EUVD-2024-35224
Malicious code in bioql PyPI...
EUVD-2025-25632
Malicious code in bioql PyPI...
CVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
PT-2025-34524 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to 1.9.23 Description: A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component. The NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using...
CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...
CVE-2024-35171
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.25...
PT-2024-26353 · Unknown · Academy Lms
Name of the Vulnerable Software and Affected Versions: Academy LMS versions 1.9.25 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. Recommendations: For versions 1.9.25 and earlier, update to a version later than 1.9.25 to resolve th...
WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Academy LMS versions <= 1.9.25...
PT-2023-12269 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.25 Description: The issue allows remote attackers to run arbitrary code via a crafted file upload to the "include/inc_lib/general.inc.php" endpoint. Recommendations: For phpwcms version 1.9.25, update to a newer version th...
phpwcms code issue vulnerability
phpwcms is an open source web content management system. It is fast, easy to install and can run on any standard web server platform that supports PHP/MySQL. A file upload vulnerability exists in phpwcms version 1.9.25. A remote attacker can exploit this vulnerability to execute arbitrary code by...
phpwcms path traversal vulnerability
phpwcms is an open source web content management system. It is fast, easy to install and can run on any standard web server platform that supports PHP/MySQL. A directory traversal vulnerability exists in phpwcms version 1.9.25. A remote attacker can exploit this vulnerability to delete arbitrary...
phpwcms code injection vulnerability
phpwcms is an open source web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. A security vulnerability exists in phpwcms version 1.9.25, which stems from a vulnerability that allows remote attackers to run arbitrary code...
PT-2023-12268 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: phpcms version 1.9.25 Description: The issue allows remote attackers to delete arbitrary files due to a directory traversal vulnerability. This is achieved by exploiting an unfiltered file parameter in the unlink method within the include/inc...
CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...