5207 matches found
EUVD-2022-39255
Malicious code in bioql PyPI...
EUVD-2022-46128
Malicious code in bioql PyPI...
EUVD-2024-46785
Malicious code in bioql PyPI...
EUVD-2022-30134
Malicious code in bioql PyPI...
EUVD-2025-22148
Malicious code in bioql PyPI...
EUVD-2024-32386
Malicious code in bioql PyPI...
EUVD-2025-18324
Malicious code in bioql PyPI...
CVE-2025-8720
CVE-2025-8720 (Plugin README Parser) affects WordPress Plugin README Parser versions up to and including 1.3.15. The root cause is insufficient input sanitization and output escaping for the target parameter, enabling a Stored Cross-Site Scripting (XSS) attack. Exploitation requires authenticated...
Malicious code in web-scripts-application (npm)
The package web-scripts-application was found to contain malicious code...
MAL-2025-38974 Malicious code in web-scripts-application (npm)
The package web-scripts-application was found to contain malicious code...
PT-2025-32622 · WordPress · Simple Responsive Slider
Name of the Vulnerable Software and Affected Versions: Simple Responsive Slider versions prior to 2.0 Description: The Simple Responsive Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2025-8295
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-51629
A cross-site scripting XSS vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter...
PT-2025-32293 · Unknown · Agenzia Impresa Eccobook
Name of the Vulnerable Software and Affected Versions: Agenzia Impresa Eccobook version 2.81.1 Description: A cross-site scripting XSS vulnerability exists in the PdfViewer component. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Temp...
CVE-2025-7727
The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-51534
A cross-site scripting XSS vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...
CVE-2025-26065
A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...
PT-2025-32097 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions prior to 28.1.4 Description: The Betheme theme for WordPress is susceptible to Stored Cross-Site Scripting through an Elementor display setting. Insufficient input sanitization and output escaping allows...
PT-2025-31915 · WordPress · Employee Directory
Name of the Vulnerable Software and Affected Versions: Employee Directory plugin for WordPress versions up to and including 4.5.1 Description: The Employee Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the noaccess msg parameter due to insufficient input...
CVE-2025-51534
A cross-site scripting XSS vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...