EUVD-2025-23996

Malicious code in bioql PyPI...

EUVD-2022-51553

Malicious code in bioql PyPI...

EUVD-2023-2433

Malicious code in bioql PyPI...

CVE-2025-6067

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...

CVE-2025-6067

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...

CVE-2025-6067 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...

CVE-2025-6067

Summary: CVE-2025-6067 affects the WordPress plugin “Easy Social Feed – Social Photos Gallery – Post Feed – Like Box” (versions up to 6.6.7). It exposes a stored DOM-based cross-site scripting vulnerability via the data-caption and data-linktext parameters, exploitable by authenticated users with...

CVE-2025-6067 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...

PT-2025-36346

Name of the Vulnerable Software and Affected Versions: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress versions through 6.6.7 Description: The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is susceptible to Stored...

OESA-2025-2073 zvbi security update

The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide ran...

Linux Distros Unpatched Vulnerability : CVE-2024-34481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. CVE-2024-34481 Note that Nessus relies on the...

GHSA-6QCG-28JH-HM7R Liferay Portal Reflected XSS in blogs-web

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

CVE-2025-4576

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

CVE-2025-4576

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

CVE-2025-4576

CVE-2025-4576 describes a reflected XSS in Liferay Portal 7.4.0–7.4.3.133 and Liferay DXP versions listed (various 2024/Qx and 2025/Q1 ranges, up to 7.4 GA with update 92). The vulnerability allows a remote, non-authenticated attacker to inject JavaScript into the page at modules/apps/blogs/blogs...

PT-2025-32363

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.133 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....

Regular Expression Denial of Service (ReDoS)

Overview pymdown-extensions is an Extension pack for Python Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the figure caption extension, pymdownx.blocks.caption. A user could exploit this vulnerability by crafting a malicious input tha...

CVE-2025-6068

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption-title & data-caption-description HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input...

CVE-2025-5944

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cross-site Scripting (XSS)

Overview org.webjars.npm:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping. A...