42 matches found
MAL-2026-4520 Malicious code in class-blend (npm)
Source: amazon-inspector d3876854a76bda6892f76b9b44c67e066bfc6315a7e3d27431137727ff0ee728 The package advertises itself as a clsx/twMerge-style class-name merging utility, but the exported applyGlobalStylespalette, accents function contain...
CVE-2025-65790
CVE-2025-65790 affects FuguHub 8.1. The vulnerability arises in the internal file manager interface (/fs/) where SVG files are served without sanitizing or restricting inline script execution, allowing a crafted SVG with a <script> element to execute attacker-controlled JavaScript in the victim’...
EUVD-2005-1003
Malware in sbrugna...
EUVD-2023-41446
Malicious code in bioql PyPI...
EUVD-2024-47487
Malicious code in bioql PyPI...
EUVD-2021-8210
Malicious code in bioql PyPI...
Amazon Linux 2 : git (ALAS-2025-2941)
The version of git installed on the remote host is prior to 2.47.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2941 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be creat...
UBUNTU-CVE-2025-27614
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking...
CVE-2025-46910
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-20525
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An...
CVE-2022-27637
Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-25932
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since t...
CVE-2021-25934
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the...
CVE-2021-43841
XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that...
CVE-2012-4580
Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Managemen...
CVE-2025-22479
Dell Storage Center - Dell Storage Manager, versions 20.0.21, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...
CVE-2024-51112
Open Redirect vulnerability in PNETLab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script. Affected software: PNETLab 5.3.11. Root cause: open redirect via URL parameters (e.g., box/link) that can be exploited to forward users to att...
Cross-site Scripting (XSS)
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of vulnerable form fields. An attacker can execute arbitrary scripts in the context of the user's...
CVE-2023-48254
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2023-27499 Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure...