PT-2026-1128

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source Laravel eCommerce platform, is susceptible to server-side template injection. A normal customer, during the address addition step of an order, can inject a value that execute...

EUVD-2018-8786

Malware in sbrugna...

EUVD-2018-9066

Malware in sbrugna...

EUVD-2018-8785

Malware in sbrugna...

EUVD-2018-9067

Malware in sbrugna...

EUVD-2018-9064

Malware in sbrugna...

EUVD-2018-9071

Malware in sbrugna...

EUVD-2019-8005

Malware in sbrugna...

EUVD-2018-9070

Malware in sbrugna...

CVE-2025-41685 SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address...

CVE-2025-21938

CVE-2025-21938 involves the Linux kernel mptcp subsystem. The race occurs when multiple parallel connection requests try to create an implicit MPTCP endpoint and none find the address in local_addr_list, causing concurrent mptcp_pm_nl_get_local_id/mptcp_pm_nl_append_new_local_addr calls to delete...

MAL-2022-5631 Malicious code in react-address-entry-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e38a7effef5dbe7ff2f8649fd6732aa50619a1072efb621d12ce458a70cd581 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-address-entry-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e38a7effef5dbe7ff2f8649fd6732aa50619a1072efb621d12ce458a70cd581 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cross site scripting

On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

RICOH MP C6003 Cross-Site Scripting Vulnerability

The RICOH MP C6003 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address addition area of the RICOH MP C6003. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

CVE-2018-17311

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17314

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17312

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

Cross site scripting

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

Cross site scripting

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...