66 matches found
PT-2026-41977
Summary: A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...
CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This...
CVE-2026-26959
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with the privileges of the current user. An attacker can...
PT-2026-7213
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...
EUVD-2019-3896
Malware in sbrugna...
EUVD-2010-0411
Malware in sbrugna...
EUVD-2019-8742
Malware in sbrugna...
EUVD-2021-19512
Malware in sbrugna...
EUVD-2021-17066
Malware in sbrugna...
EUVD-2024-31763
Malicious code in bioql PyPI...
EUVD-2025-8216
Malicious code in bioql PyPI...
EUVD-2025-12269
Malicious code in bioql PyPI...
EUVD-2022-42711
Malicious code in bioql PyPI...
MAL-2025-191842 Malicious code in python-uvicorn (PyPI)
Source: kam193 (5396386b3e45bc2cc83befa80cc1843f6d8374728a22274ffbbc124319ddc16d). Malicious copy of uvicorn package with added healthcheck endpoint that exfiltrates application settings/env vars. Category: MALICIOUS - The campaign has...
CVE-2025-41648
CVE-2025-41648 affects Pilz IndustrialPI Webstatus. An unauthenticated remote attacker can bypass the login to the IndustrialPI web application, allowing access to and modification of all available settings. The available connected docs consistently describe this as an authentication bypass leadi...
CVE-2024-54001
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat, applicationtimezone and applicationtimeformat allow arbitrary user input which is reflected...
CVE-2021-30126
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...
CVE-2025-29621
Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings...