103 matches found

Nuclei
added 10 hours ago | 23 views

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

CVSS 6.1 | AI score 6.5 | EPSS 0.14925
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-32194

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.00719
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2025/07/31 7:35 p.m. | 1 view

Malicious code in modal-arbitary (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

OSV
added 2025/07/31 7:35 p.m. | 1 view

MAL-2025-6634 Malicious code in modal-arbitary (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0

RedhatCVE
added 2025/05/23 8:20 a.m. | 3 views

CVE-2024-10909

The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.3 | AI score 7.4 | EPSS 0.00321
Exploits: 0 | References: 1

OpenVAS
added 2025/05/07 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-7486-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 9.5 | EPSS 0.00135
Exploits: 0 | References: 2

OSV
added 2025/03/05 7:9 a.m. | 6 views

BIT-GITLAB-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross-Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions...

CVSS 7.7 | AI score 6.5 | EPSS 0.0005
Exploits: 0 | References: 3

Vulnrichment
added 2024/12/12 5:38 p.m. | 9 views

CVE-2024-47238

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution...

CVSS 7.5 | AI score 7.2 | EPSS 0.00052
Exploits: 0 | References: 1

0day.today
added 2024/10/30 12:0 a.m. | 140 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with...

AI score 7.8
Exploits: 0

NVD
added 2024/10/02 8:15 p.m. | 12 views

CVE-2024-45962

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target...

CVSS 4.7 | EPSS 0.0027
Exploits: 1 | References: 1

CVE
added 2024/09/09 12:0 a.m. | 51 views

CVE-2024-44720

SeaCMS v13.1 is affected by an arbitrary file read in the admin_safe.php component. The vulnerability exposes file contents and is described across Red Hat/NVD/CNNVD/CVE records, with the issue scoped to SeaCMS 13.1 and the admin_safe.php handler. The CVSS 3.1 base scores indicate HIGH confidenti...

CVSS 7.5 | AI score 7.3 | EPSS 0.0077
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/08/20 12:0 a.m. | 33 views

EulerOS Virtualization 2.11.0 : util-linux (EulerOS-SA-2024-2203)

According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full...

CVSS 8.2 | AI score 7.8 | EPSS 0.00128
Exploits: 1 | References: 3

GithubExploit
added 2024/08/02 8:14 p.m. | 126 views

Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil

CVE-2021-21551 Proof of concept exploit for CVE-2021-21551, vu...

CVSS 8.8 | AI score 8.2 | EPSS 0.71412
Exploits: 17

Vulnrichment
added 2024/04/19 1:10 a.m. | 7 views

CVE-2024-27975

A use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

CVSS 8.8 | AI score 8.8 | EPSS 0.05107
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/14 12:0 a.m. | 10 views

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

AI score 8.1 | EPSS 0.00106
Exploits: 0 | References: 1

Ubuntu
added 2024/01/22 1:5 p.m. | 306 views

USN-6592-1: libssh vulnerabilities

It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. CVE-2023-6004 It was discovered that libssh incorrectl...

CVSS 5.3 | AI score 6.8 | EPSS 0.00363
Exploits: 0

Vulnrichment
added 2023/10/05 12:0 a.m. | 13 views

CVE-2023-43269

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability...

AI score 7.7 | EPSS 0.00098
Exploits: 0 | References: 1

Veracode
added 2023/08/06 11:57 p.m. | 22 views

Open Redirect

gitlab is vulnerable to Open Redirect vulnerability. The vulnerability allows an attacker to redirect the users to arbitrary protocols...

CVSS 6.1 | AI score 6.9 | EPSS 0.0018
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2023/07/07 5:31 a.m. | 23 views

Cross-site Scripting (XSS)

sanitize is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of sanitization in the gsub parameter of cleancss.rb, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 7.1 | AI score 6.5 | EPSS 0.00419
Exploits: 0 | References: 4 | Affected Software: 2

Vulnrichment
added 2023/06/29 12:0 a.m. | 6 views

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

AI score 8.6 | EPSS 0.00068
Exploits: 0 | References: 1