50 matches found
PT-2025-49551
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting XSS. On the backend, the related vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
Vulnerability-Lookup 安全漏洞
Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A security vulnerability exists in Vulnerability-Lookup versions prior to 2.18.0 that stems from an HTTP GET request that can modify the application state, potentially leading to a...
PT-2025-49550
Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...
EUVD-2025-31146
Malicious code in bioql PyPI...
EUVD-2025-0168
Malicious code in bioql PyPI...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
PT-2025-39430
Name of the Vulnerable Software and Affected Versions vulnerability-lookup version 2.16.0 Description A cross-site scripting XSS issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...
Vulnerability-Lookup 跨站脚本漏洞
Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup version 2.16.0 that stems from insufficient cleanup of user input and could lead to a cross-site scripting attack...
CVE-2025-60249
CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
CVE-2025-60249
vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...
CVE-2025-32413
Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py...
Vulnerability-Lookup 跨站脚本漏洞
Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup versions prior to 2.7.1, which stems from an unneutralized input in a user profile resulting in stored cross-site...
PT-2025-15324 · Unknown · Vulnerability-Lookup
Name of the Vulnerable Software and Affected Versions: Vulnerability-Lookup versions prior to 2.7.1 Description: The issue allows stored XSS via a user bio in the website/web/views/user.py file. This can potentially lead to malicious script execution when a user views the affected bio...
CVE-2025-32413
Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py...
CVE-2025-24802 Soundness issue with Plonky2 look up tables
Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floornumroutedwires / 3 always include the 0 - 0 input-output pair. Thus a malicious prover can always prove that f0 = 0 for any lookup table f unless its length happens ...
CISCO-SA-20180418-WLC
creationtimestamp| type| source ---|---|--- 2024-12-17 09:00:35+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113667342681977139...
CISCO-SA-20180620-NXOS
creationtimestamp| type| source ---|---|--- 2024-12-17 06:41:53+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794789041150...