15 matches found

EUVD
added 2025/11/06 6:32 p.m. · 1 view

EUVD-2025-38059

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 · AI score 5.9 · EPSS 0.00031
Exploits: 0 · References: 2
NVD
added 2025/11/06 4:16 p.m. · 3 views

CVE-2025-64232

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 · EPSS 0.00031
Exploits: 0 · References: 1
Vulnrichment
added 2025/11/06 3:56 p.m. · 2 views

CVE-2025-64232 WordPress Import from YML plugin <= 3.1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 · AI score 6 · EPSS 0.00031
Exploits: 0 · References: 1
CVE
added 2025/11/06 3:56 p.m. · 11 views

CVE-2025-64232

CVE-2025-64232 affects the WordPress Import from YML plugin (versions through 3.1.17). The vulnerability is a reflected cross-site scripting (XSS) flaw caused by improper neutralization of input during web page generation, enabling attacker-controlled input to be reflected in resulting pages. Imp...

CVSS 7.1 · AI score 6 · EPSS 0.00031
Exploits: 0 · References: 1
Snyk
added 2025/10/07 3:42 p.m. · 2 views

Allocation of Resources Without Limits or Throttling

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

CVSS 8.7 · AI score 6.9 · EPSS 0.00107
Exploits: 0 · References: 2
OSV
added 2025/10/07 3:16 p.m. · 2 views

DEBIAN-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVSS 7.5 · AI score 5.8 · EPSS 0.00107
Exploits: 0 · References: 1
OSV
added 2025/10/07 3:2 p.m. · 2 views

CVE-2025-61772 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (CRLFCRLF). The parser keeps appending incoming bytes to memory witho...

CVSS 7.5 · AI score 6.5 · EPSS 0.00324
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-3311

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00115
Exploits: 1 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-3099

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00115
Exploits: 1 · References: 4
RedhatCVE
added 2025/05/23 4:11 a.m. · 5 views

CVE-2023-6889

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17...

CVSS 5.4 · AI score 5.9 · EPSS 0.00115
Exploits: 1
Positive Technologies
added 2023/12/16 12:0 a.m. · 3 views

PT-2023-32800 · Unknown · Thorsten/Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.17. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts...

CVSS 5.4 · AI score 5 · EPSS 0.00115
Exploits: 1 · References: 10
CNNVD
added 2023/12/16 12:0 a.m. · 3 views

phpMyFAQ Cross-Site Scripting Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.17, which stems from vulnerability to stored cross-site scripting (XSS) attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00115
Exploits: 1 · References: 4
OpenVAS
added 2023/09/22 12:0 a.m. · 18 views

Netatalk 3.1.x < 3.1.17 RCE Vulnerability

Netatalk is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netatalk:netatalk...

CVSS 9.8 · AI score 9.8 · EPSS 0.06519
Exploits: 0 · References: 2
NVD
added 2019/03/26 6:29 p.m. · 10 views

CVE-2019-3850

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 6.1 · AI score 5.2 · EPSS 0.00072
Exploits: 0 · References: 2
CVE
added 2019/03/26 5:46 p.m. · 54 views

CVE-2019-3850

Moodle prior to 3.6.3, 3.5.5, 3.4.8 and 3.1.17 is affected by CVE-2019-3850. The issue arises because links in assignment submission comments could be opened in the same browser window, and without a no-referrer policy this can be exploited. Affected versions, impact details, and CVSS metrics are...

CVSS 6.1 · AI score 5.4 · EPSS 0.00072
Exploits: 0 · References: 2 · Affected Software: 1