CVE-2023-31434
The parameters nutzertitel, nutzervn, and nutzernn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML code and XSS payloads in multiple locations...
CVE-2025-23213
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows uploading arbitrary files, including HTML and SVG. Both can contain malicious content (XSS payloads). This vulnerability is fixed in 1.5.28...
CVE-2025-67341
jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...
CVE-2025-11504
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently us...
CVE-2025-11504
CVE-2025-11504 concerns the Quickcreator – AI Blog Writer plugin for WordPress. Affected versions 0.0.9–0.1.17 expose the plugin’s API key via the /wp-content/plugins/quickcreator/dupasrala.txt file, enabling unauthenticated access. The exposure permits attackers to obtain the API key and use it ...
CVE-2025-11504 Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently us...
PT-2025-43593
Name of the Vulnerable Software and Affected Versions: Quickcreator – AI Blog Writer plugin for WordPress versions 0.0.9 through 0.1.17. Description: The Quickcreator – AI Blog Writer plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can access the...
EUVD-2021-23962
Malware in sbrugna...
EUVD-2021-11246
Malware in sbrugna...
EUVD-2017-6733
Malware in sbrugna...
EUVD-2021-11241
Malware in sbrugna...
EUVD-2021-11507
Malware in sbrugna...
EUVD-2023-57772
Malicious code in bioql PyPI...
EUVD-2023-35742
Malicious code in bioql PyPI...
EUVD-2023-34009
Malicious code in bioql PyPI...
EUVD-2023-59270
Malicious code in bioql PyPI...
EUVD-2022-24907
Malicious code in bioql PyPI...
EUVD-2022-35218
Malicious code in bioql PyPI...
EUVD-2024-32162
Malicious code in bioql PyPI...
CVE-2025-51862
Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) through 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper with other users' conversation. Additionally, malicious content and XSS payloads can be injected, leading to phishing attack, user spoofing and...