211 matches found
EUVD-2016-7499
Malware in sbrugna...
EUVD-2017-11825
Malware in sbrugna...
EUVD-2021-29059
Malicious code in bioql PyPI...
EUVD-2024-31913
Malicious code in bioql PyPI...
EUVD-2023-35760
Malicious code in bioql PyPI...
EUVD-2023-45609
Malicious code in bioql PyPI...
EUVD-2024-39387
Malicious code in bioql PyPI...
EUVD-2025-2767
Malicious code in bioql PyPI...
CVE-2025-42945
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
CVE-2025-42945 HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
CVE-2025-42945 HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
PT-2025-32606 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: SAP NetWeaver Application Server ABAP is susceptible to an HTML injection issue. An attacker can construct a URL containing a malicious script as a payload,...
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...
CVE-2025-49653 Exposure of sensitive Information allows account takeover
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2023-46238
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability
About Remote Code Execution & Arbitrary File Reading - Apache HTTP Server CVE-2024-38475 vulnerability. Improper escaping of output in modrewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. Apache HTTP Server 2.4.60,...
GHSA-RHVR-6W8C-6V7W Mattermost fails to invalidate all active sessions when converting a user to a bot
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2024-23831
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...
CVE-2024-42001
An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active...
CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...