14 matches found
EUVD-2025-27427
Malicious code in bioql PyPI...
EUVD-2025-27429
Malicious code in bioql PyPI...
CVE-2025-55728
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page. The classes...
CVE-2025-55729
CVE-2025-55729 affects XWiki Remote Macros (ConfluenceLayoutSection macro) where missing escaping of the ac:type and use of the classes parameter in XWiki syntax enable remote code execution for users with edit access. The issue arises in versions 1.0 through 1.26.4 and is fixed in version 1.26.5...
CVE-2025-55728
CVE-2025-55728 concerns the XWiki Remote Macros package, specifically the panel macro. The issue arises from missing escaping of the classes parameter in the panel macro, which is used within XWiki syntax and can lead to XWiki syntax injection. Affects versions 1.0 through 1.26.4 (and up to 1.26....
CVE-2025-55728 XWiki Remote Macros vulnerable to remote code execution using the panel macro
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page. The classes...
xwiki-pro-macros security vulnerability
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a missing escape for the classes parameter and could lead to remote code execution...
PT-2025-36918
Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions 1.0 through 1.26.5 Description: XWiki Remote Macros provides XWiki rendering macros used for content migration from Confluence. A lack of escaping for the classes parameter within the panel macro allows for remote...
NexusPHP SQL Injection Vulnerability (CNVD-2022-65363)
NexusPHP is a free and open source complete solution for building PT websites. NexusPHP version 1.5 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL commands via the classes parameter...
CVE-2020-24769
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...
NexusPHP SQL injection vulnerability
NexusPHP is a free and open source complete solution for building PT websites. NexusPHP version 1.5 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL commands via the classes parameter...
Cross site scripting
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1...
CVE-2021-38358 MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1...
MoolaMojo <= 0.7.4.1 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts...