CVE-2025-23887

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Blog Summary blog-summary allows Stored XSS.This issue affects Blog Summary: from n/a through = 0.1.2 β...

MAL-2025-99352 Malicious code in allan-teadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5b2f08144cdb467a109a31800a506740ce1b3552416a79e118e8c59e8ac9f7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-79838

Malicious code in allan-teadev npm...

EUVD-2025-3505

Malicious code in bioql PyPI...

CVE-2025-23887

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Blog Summary blog-summary allows Stored XSS.This issue affects Blog Summary: from n/a through = 0.1.2 β...

wallaceallan.co.uk Cross Site Scripting vulnerability OBB-3133383

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

pgjdbc Arbitrary File Write Vulnerability

Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...

NorthSec CTF 2021 Write Up: 'Impurity Assessment Form'

This is a write up of a NorthSec 2021 CTF problem I solved with Allan Wirth @AllanWirth as part of team SaaS which finished in 3rd. It was an extremely creative problem to solve so I wanted to share it here...

Patch Tuesday, Good Riddance 2020 Edition

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsofts most-dire "critical" label, meaning they can be abused by malware or miscreants to...

allan-morris.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-281481 Description| Value ---|--- Affected Website:| allan-morris.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Unfixed XSS vulnerability at news.gzhu.edu.cn

Security researcher allan, has submitted on 15/10/2010 a cross-site-scripting XSS vulnerability affecting news.gzhu.edu.cn, which at the time of submission ranked 70777 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently...

SQL Injection in fechangepassword

It has been discovered that the extension fechangepassword is open for a SQL injection when updating the password. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 2.1.2 and all versions below Vulnerability Type: SQL...