CVE-2025-11308 Vanderlande Baggage 360 messages cross site scripting

A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and...

EUVD-2022-44758

Malicious code in bioql PyPI...

EUVD-2024-35439

Malicious code in bioql PyPI...

EUVD-2025-11293

Malicious code in bioql PyPI...

EUVD-2024-25168

Malicious code in bioql PyPI...

EUVD-2023-30040

Malicious code in bioql PyPI...

EUVD-2022-52427

Malicious code in bioql PyPI...

EUVD-2023-37016

Malicious code in bioql PyPI...

EUVD-2023-30041

Malicious code in bioql PyPI...

EUVD-2023-30042

Malicious code in bioql PyPI...

EUVD-2023-53700

Malicious code in bioql PyPI...

EUVD-2023-45157

Malicious code in bioql PyPI...

EUVD-2024-36524

Malicious code in bioql PyPI...

EUVD-2023-37015

Malicious code in bioql PyPI...

CVE-2025-8564

CVE-2025-8564 — Stored Cross‑Site Scripting in SKT Addons for Elementor (WordPress) up to version 3.7 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts that execute ...

Beyond the Scope: Security Testing of Permission Management in Team Workspace

Nowadays team workspaces are widely adopted for multi-user collaboration and digital resource management. To further broaden real-world applications, mainstream team workspaces platforms, such as Google Workspace and Microsoft OneDrive, allow third-party applications referred to as add-ons to be...

airflow-add-ons (>=0.2.7 <=0.2.15), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +101 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)

redshift-connector PYPI version =2.0.888, =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =0.1.1, =2.0.0, =3.0.0rc2 and more Source cves: CVE-2025-5279 Source advisory: OSV:GHSA-R244-WG5G-6W2R...

CVE-2024-35680

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.9.2...

CVE-2024-37244

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5...

CVE-2023-26217

The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...