213 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-33047

Malicious code in bioql PyPI...

CVSS 10, AI score 9.2, EPSS 0.02014
Exploits 0, References 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-43053

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00817
Exploits 1, References 1
Tenable Nessus
added 2025/09/02 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-28634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile...

CVSS 8.8, AI score 7.7, EPSS 0.00528
Exploits 0, References 2
RedhatCVE
added 2025/08/30 6:18 p.m., 3 views

CVE-2025-34157

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to...

CVSS 9.4, AI score 5.6, EPSS 0.00078
Exploits 0, References 1
RedhatCVE
added 2025/07/09 10:22 a.m., 5 views

CVE-2025-3467

An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the...

CVSS 8, AI score 7.2, EPSS 0.0016
Exploits 1, References 1
OSV
added 2025/07/07 10:15 a.m., 3 views

CVE-2025-3467

An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the...

CVSS 5.4, AI score 7.2
Exploits 0, References 2
NVD
added 2025/07/07 10:15 a.m., 4 views

CVE-2025-3467

An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the...

CVSS 8, EPSS 0.0016
Exploits 1, References 2
RedhatCVE
added 2025/05/23 9:30 a.m., 9 views

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...

CVSS 4.7, AI score 5, EPSS 0.00305
Exploits 1, References 1
RedhatCVE
added 2025/05/23 8:21 a.m., 4 views

CVE-2024-1258

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWTKEYADMIN leads to use of hard-coded cryptographic k...

CVSS 5.9, AI score 6, EPSS 0.00091
Exploits 0, References 1
RedhatCVE
added 2025/05/23 8:15 a.m., 3 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

CVSS 7.8, AI score 7.2, EPSS 0.00118
Exploits 0, References 1
RedhatCVE
added 2025/05/22 5:25 a.m., 5 views

CVE-2019-7746

JioFi 4 jmr1140 AmtelJMR1140R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmapauth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...

CVSS 8.1, AI score 7.2, EPSS 0.0032
Exploits 2, References 1
RedhatCVE
added 2025/02/05 10:11 a.m., 10 views

CVE-2024-3110

A stored Cross-Site Scripting XSS vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them...

CVSS 8.7, AI score 5.8, EPSS 0.00216
Exploits 1, References 1
CNNVD
added 2024/10/22 12:00 a.m., 2 views

Zyxel USG FLEX security vulnerability

Zyxel USG FLEX is a firewall from Zyxel. Offering flexible VPN options (IPsec, SSL or L2TP), it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX that stems from inadequate protection of credentials in the CLI...

CVSS 7.8, AI score 7, EPSS 0.00118
Exploits 0, References 2
Cvelist
added 2024/07/01 9:33 p.m., 20 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

CVSS 4.7, EPSS 0.00091
Exploits 0, References 2
CVE
added 2024/06/22 5:00 a.m., 64 views

CVE-2024-21516

Summary: CVE-2024-21516 affects opencart/opencart versions 4.0.0.0 through before 4.1.0.0. A reflected XSS exists in the directory parameter of the admin common/filemanager.list route. By tricking a user into clicking a malicious URL, an attacker can obtain the user’s token through login prompts,...

CVSS 4.7, AI score 4.8, EPSS 0.00305
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2024/06/21 12:00 a.m., 3 views

PT-2024-18928 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0 Description: A reflected XSS issue was identified in the filename parameter of the "admin tool/log" route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. T...

CVSS 4.7, AI score 6.2, EPSS 0.00305
Exploits 1, References 11
Snyk
added 2024/06/17 2:02 p.m., 2 views

Reflected Cross-site Scripting

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...

CVSS 4.7, AI score 4.8, EPSS 0.00305
Exploits 1, References 2
OSV
added 2024/06/06 7:15 p.m., 11 views

CVE-2024-3110

A stored Cross-Site Scripting XSS vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them...

CVSS 8.7, AI score 5.8
Exploits 0, References 2
CVE
added 2024/06/06 6:11 p.m., 45 views

CVE-2024-3110

Concretely, CVE-2024-3110 affects mintplex-labs/anything-llm before version 1.0.0. The root cause is improper sanitization/validation of user-supplied URLs when embedding them as external links with icons, allowing a stored XSS via javascript: payloads. Exploitation requires user interaction (e.g...

CVSS 8.7, AI score 6.7, EPSS 0.00216
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2024/06/06 12:00 a.m., 3 views

PT-2024-23768 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.0.0 Description: A stored Cross-Site Scripting XSS vulnerability exists in the mintplex-labs/anything-llm application. The vulnerability arises from the application's failure to properly sanitize...

CVSS 8.7, AI score 6.8, EPSS 0.00216
Exploits 1, References 6