92 matches found
EUVD-2006-6612
Malware in sbrugna...
EUVD-2006-2836
Malware in sbrugna...
EUVD-2006-0453
Malware in sbrugna...
EUVD-2008-6498
Malware in sbrugna...
EUVD-2025-27136
Malicious code in bioql PyPI...
CVE-2025-40642
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search...
CVE-2025-40642 Reflected Cross-Site Scripting (XSS) in WebWork
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search...
CVE-2025-40642
CVE-2025-40642 is a reflected Cross-Site Scripting (XSS) vulnerability in WebWork exploited via the q and engine parameters in /search. Affected software is WebWork; the vulnerability stems from improper handling of user-supplied input in the search query, enabling remote code execution in the co...
PT-2025-36458
Name of the Vulnerable Software and Affected Versions: WebWork (affected versions not specified). Description: A Reflected Cross-Site Scripting (XSS) issue exists in WebWork, potentially enabling remote attackers to execute arbitrary code. The vulnerability is triggered through the q and engine reques...
Codester WebWork - PHP Search Engine Script Cross-Site Scripting Vulnerability
Codester WebWork - PHP Search Engine Script is an open source search engine script from Codester. A cross-site scripting vulnerability exists in Codester WebWork - PHP Search Engine Script, which stems from the fact that incorrect manipulation of the parameters q and engine can lead to reflective...
cn.sinapp.meutils:me-utils (=1.0), com.gnizr:gnizr-robot (=2.4.0-M4) +40 more potentially affected by CVE-2023-39022 via opensymphony:oscore (>=2.2.4 <=2.2.6)
opensymphony:oscore MAVEN version =2.2.4, =2.0, =2.1.5, =1.1.1, =1.1.3, =1.2, =1.2.3 and more Source cves: CVE-2023-39022 Source advisory: OSV:GHSA-859M-2PFX-FWHF...
Atlassian Jira Service Management 4.14.0 < 4.20.6 Seraph Authentication Bypass
According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.0 prior to 4.20.6 or 4.21.0 prior to 4.22.6. It is, therefore, affected by an authentication bypass vulnerability in Jira Seraph which may allow remote,...
Atlassian Jira Service Management 4.21.0 < 4.22.6 Seraph Authentication Bypass
According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.0 prior to 4.20.6 or 4.21.0 prior to 4.22.6. It is, therefore, affected by an authentication bypass vulnerability in Jira Seraph which may allow remote,...
Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.13.2. It is, therefore, affected by a vulnerability which allows remote attackers to call exposed public methods via a webwork1 parameter injection. Note that the scanner ha...
SUSE CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) t...
SUSE CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....
Expression Language Injection
Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...
Atlassian Jira Seraph Authentication Bypass
Atlassian Jira versions < 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x < 8.20.6, 8.21.x and Atlassian Jira Service Management versions < 4.13.18, 4.14.x, 4.15.x, 4.16.x, 4.17.x, 4.18.x, 4.19.x, 4.20.x < 4.20.6 and 4.21.x use a common authentication framework named Atlassian Jira Seraph...