CVE-2025-61261
A reflected cross-site scripting (XSS) vulnerability has been identified in CKeditor that allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
EUVD-2025-38297
A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2023-7315
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7319
Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
FreeBSD : Mozilla -- mitigation bypass vulnerability (a240c31b-a394-11f0-9617-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a240c31b-a394-11f0-9617-b42e991fc52e advisory. [email protected] reports: The vulnerability has been rated as having moderate impact, affecting bot...
EUVD-2016-10558
Malware in sbrugna...
EUVD-2017-8224
Malware in sbrugna...
EUVD-2024-23387
Malicious code in bioql PyPI...
EUVD-2025-21026
Malicious code in bioql PyPI...
EUVD-2023-26417
Malicious code in bioql PyPI...
EUVD-2025-22709
Malicious code in bioql PyPI...
EUVD-2025-29229
Malicious code in bioql PyPI...
EUVD-2025-29227
Malicious code in bioql PyPI...
EUVD-2025-29224
Malicious code in bioql PyPI...
CVE-2025-59145
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...
CVE-2025-59330
error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
Rethinking AI Data Security: A Buyer's Guide
Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security...
GHSA-6JP5-HH4C-8C5H error-ex@1.3.3 contains malware after npm account takeover
Impact On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
GHSA-PXX3-G568-HXR4 color-convert@3.1.1 contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...
GHSA-QRMH-QG46-72PP color@5.0.1 contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...