1566 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-4244

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.6, EPSS 0.00136
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-43954

Malicious code in bioql PyPI...

CVSS 4.9, AI score 5.2, EPSS 0.00889
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-54031

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.21629
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-28084

Malicious code in bioql PyPI...

CVSS 4.1, AI score 6.6, EPSS 0.00078
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-2483

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00126
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7395

Malicious code in bioql PyPI...

CVSS 3.5, AI score 8.7, EPSS 0.00046
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-27231

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.3, EPSS 0.00035
Exploits: 0, References: 1
Cvelist
added 2025/10/03 11:17 a.m., 6 views

CVE-2025-10053 TableGen – Data Table Generator <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4, EPSS 0.00023
Exploits: 0, References: 2
CVE
added 2025/10/03 11:17 a.m., 15 views

CVE-2025-9333

CVE-2025-9333 affects the WordPress plugin Smart Docs. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings for versions up to and including 1.1.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with administrator-lev...

CVSS 5.5, AI score 4.7, EPSS 0.0003
Exploits: 0, References: 2
OSV
added 2025/10/01 5:15 p.m., 1 views

CVE-2025-20357

A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-base...

CVSS 5.4, AI score 6
Exploits: 0, References: 1
RedhatCVE
added 2025/09/30 9:31 p.m., 10 views

CVE-2025-54591

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

CVSS 7.5, AI score 6.6, EPSS 0.00069
Exploits: 1, References: 1
RedhatCVE
added 2025/09/30 6:43 a.m., 8 views

CVE-2024-5200

The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 6.1, AI score 5.3, EPSS 0.00024
Exploits: 0, References: 1
Cvelist
added 2025/09/29 6:34 p.m., 7 views

CVE-2025-57877 Reflected XSS vulnerability in Portal for ArcGIS.

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS 4.8, EPSS 0.00031
Exploits: 0, References: 1
NVD
added 2025/09/29 5:15 p.m., 7 views

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVSS 7.8, EPSS 0.00529
Exploits: 3, References: 6
Vulnrichment
added 2025/09/29 4:19 p.m., 4 views

CVE-2025-41245 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations...

CVSS 4.9, AI score 6, EPSS 0.00057
Exploits: 2, References: 1
CVE
added 2025/09/29 4:19 p.m., 15 views

CVE-2025-41245

CVE-2025-41245 is an information disclosure vulnerability in VMware Aria Operations. The connected CNVD entry explicitly describes a local user with non-administrative privileges leaking other users’ credentials within Aria Operations. The exploit would allow credential disclosure of other Aria O...

CVSS 4.9, AI score 6, EPSS 0.00057
Exploits: 2, References: 1
Vulnrichment
added 2025/09/29 4:9 p.m., 4 views

CVE-2025-41244 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVSS 7.8, AI score 6.8, EPSS 0.00529
Exploits: 3, References: 1
Positive Technologies
added 2025/09/29 12:0 a.m., 3 views

PT-2025-39851

Name of the Vulnerable Software and Affected Versions: VMware vCenter (affected versions not specified). Description: VMware vCenter contains an SMTP header injection vulnerability. An attacker with non-administrative privileges on vCenter, who has permission to create scheduled tasks, may be able to...

CVSS 8.5, AI score 6.9, EPSS 0.00083
Exploits: 0, References: 16
CVE
added 2025/09/26 8:2 p.m., 14 views

CVE-2025-11040

CVE-2025-11040 affects code-projects Hostel Management System 1.0. The vulnerability is a SQL injection in the file /justines/admin/mod_users/index.php?view=view, caused by unsafely manipulating the parameter ID. It is exploitable remotely and an exploit is publicly available. Multiple connected ...

CVSS 9.8, AI score 6.8, EPSS 0.00046
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2025/09/23 8:26 p.m., 3 views

CVE-2025-59826 FlagForgeCTF Vulnerable to Unauthorized Problem Creation

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0...

CVSS 7.6, AI score 7, EPSS 0.0007
Exploits: 0, References: 3