142 matches found
CVE-2025-63883
A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...
CVE-2025-63883
CVE-2025-63883 affects electic-shop v1.0. The vulnerability is a DOM-based XSS in client-side code that reads attacker-controlled input (e.g., URL parameters or fragment) and writes it into the DOM using unsafe sinks such as innerHTML, insertAdjacentHTML, or document.write without proper sanitiza...
CVE-2025-23361
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...
CVE-2025-63589
CMSimple_XH 1.8 is affected by a reflected XSS in the index.php router: attacker-controlled path segments are not sanitized/encoded before being inserted into generated HTML (navigation links, breadcrumbs, search form action, footer links), allowing arbitrary JavaScript in victims’ browsers via a...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectedLanguageId parameter. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input to this parameter. Details Cross-site scripting or XSS is a code vulnerability that...
EUVD-2020-0631
Malware in sbrugna...
EUVD-2020-24472
Malware in sbrugna...
EUVD-2012-6586
Malware in sbrugna...
EUVD-2021-1007
Malware in sbrugna...
EUVD-2025-24935
Malicious code in bioql PyPI...
EUVD-2022-1254
Malicious code in bioql PyPI...
EUVD-2021-7029
Malicious code in bioql PyPI...
EUVD-2022-46589
Malicious code in bioql PyPI...
Insecure Deserialization
DeepDiff is vulnerable to insecure deserialization.The vulnerability is due to class pollution via the Delta class constructor which, when combined with a gadget in DeltaDiff, allows an attacker to modify deepdiff.serialization.SAFETOIMPORT and trigger insecure Pickle deserialization through Delt...
Remote Code Execution (RCE)
@nestjs/devtools-integration is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sandboxing and missing cross-origin protections due to unsafe execution of attacker-controlled input in a JavaScript sandbox via the /inspector/graph/interact endpoint...
CVE-2012-10044
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...
CVE-2012-10044 MobileCartly 1.0 savepage.php Arbitrary File Creation
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
ROS-20250619-11
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...