EUVD-2019-6588

Malware in sbrugna...

EUVD-2020-18319

Malware in sbrugna...

EUVD-2018-2590

Malware in sbrugna...

EUVD-2024-50977

Malicious code in bioql PyPI...

EUVD-2024-51532

Malicious code in bioql PyPI...

EUVD-2023-34148

Malicious code in bioql PyPI...

EUVD-2024-0641

Malicious code in bioql PyPI...

EUVD-2022-53400

Malicious code in bioql PyPI...

EUVD-2022-40753

Malicious code in bioql PyPI...

CVE-2024-45983

A Cross-Site Request Forgery CSRF vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially...

CVE-2023-37199

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored...

CVE-2021-30462

VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts...

CVE-2021-26200

The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user...

CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

CVE-2025-2929 Order Delivery Date Pro for WooCommerce < 12.4.0 - Reflected XSS

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-1286

The CVE refers to WordPress plugin Download HTML TinyMCE Button (versions

CVE-2024-9663 CYAN Backup < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9599 Popup Box < 4.7.8 - Admin+ Stored XSS

The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8617 Quiz Maker <= 6.5.9.8 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13384 Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.24 - Admin+ Stored XSS

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...