1056 matches found
EUVD-2022-33639
Malicious code in bioql PyPI...
EUVD-2022-31939
Malicious code in bioql PyPI...
EUVD-2022-29469
Malicious code in bioql PyPI...
EUVD-2023-52911
Malicious code in bioql PyPI...
EUVD-2023-41052
Malicious code in bioql PyPI...
EUVD-2023-31023
Malicious code in bioql PyPI...
EUVD-2022-6603
Malicious code in bioql PyPI...
EUVD-2025-32278
The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketspot' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-10179
The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-10126
The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-57642
CVE-2025-57642 affects Tourism Management System 2.0 with a shell-upload vulnerability that allows uploading and executing PHP shells, enabling remote code execution and unauthorized access. CVSS v3.1 metrics indicate Network access, Low attack complexity, Privileges required: High, with Confiden...
POS Point of Sale System 6776.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...
WordPress plugin AI ChatBot for WordPress 安全漏洞
WordPress AI ChatBot for WordPress plugin is an Artificial Intelligence ChatBot plugin designed for WordPress websites, which is mainly used to provide 24/7 automated customer service support, generate leads, collect user information and other features. The WordPress AI ChatBot for WordPress plug...
CVE-2025-6757
The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9493
The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
Permissive Regular Expression
Overview @mathharo/promptcraft-sanitize is a Sanitizer fix for overlapping multi-token patterns. Affected versions of this package are vulnerable to Permissive Regular Expression due to insufficient replacement of multi-character tokens. An attacker can execute arbitrary scripts in the context of...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datacode, datalang0key, datalang0value, datalang1key, and datatitle parameters within the /apprain/developer/language/lipsum.xml process. An attacker can execute...
CVE-2025-8150
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Linux Distros Unpatched Vulnerability : CVE-2019-3826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated...