39 matches found
PT-2026-22809
Name of the Vulnerable Software and Affected Versions FreeScout versions 1.8.206 and earlier Description FreeScout is susceptible to remote code execution RCE vulnerabilities CVE-2026-27636 and CVE-2026-28289. CVE-2026-27636 allows authenticated users with file upload permissions to execute code ...
CVE-2025-62571
creationtimestamp| type| source ---|---|--- 2025-12-09 17:29:16+00:00| seen| https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review 2025-12-09 17:39:18+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0383...
Exploit for CVE-2025-57199
AvTech PoCs PoCs for...
Malicious Package
Overview @miro-site/features-standard-header is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...
Malicious Package
Overview ttttttttest is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview saddlebag-event-logger is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview medtimeline is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview getmeurl is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview intergalactic-documentation is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...
Malicious Package
Overview sensei-lms is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview order-link-builder is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview @xunlie/vue-context-menu is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview jobcoin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview epic-fortnite-webpack-config is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview assets-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview @uc-maps/api.react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Exploit for CVE-2020-1472
CVE-2020-1472 CVE-2020-147...
phplist 3.2.6 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected phplist 3.2.6 Product: Fixed in: 3.3.1 Fixed Version https://sourceforge.net/projects/phplist/files/phplist/3.3.1/ Link: phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability XSS Type: Remote Yes...
Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags Vulnerabilities
Jaws version 1.1.1 suffers from object injection, open redirection, and cookie flag related vulnerabilities. 1. Introduction Affected Product: Jaws 1.1.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://jaws-project.com/ Vulnerability Type: Object Injection, Open Redirect, Cooki...
Oxwall 1.8.0 Build 9900 Cross Site Scripting / Open Redirect
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Oxwall 1.8.0 build 9900 Fixed in: 1.8.2 Fixed Version Link: https://developers.oxwall.com/download Vendor Website: http://www.oxwall.org/ Vulnerability Type: XSS & Open Redirect Remote Exploitable: Yes Reported to vendor:...