5 matches found
EUVD-2024-51732
Malicious code in bioql PyPI...
CVE-2025-27624
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets)...
Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal
The plugin does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-i...
CVE-2019-6546
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...
PT-2019-18158 · Ge · Ge Communicator
Name of the Vulnerable Software and Affected Versions: GE Communicator versions prior to 4.0.517
Description: The issue allows an attacker to place malicious files within the working directory of the program, potentially enabling the manipulation of widgets and UI elements.
Recommendations: For...