143 matches found
Brightpick Mission Control Security Vulnerability
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...
CVE-2025-64308
Brightpick Mission Control web application exposes hardcoded credentials in the client-side JavaScript bundle. The vulnerability can enable unauthorized access to credentials and could allow manipulation of robot control functions through an unauthenticated interface and via WebSocket traffic, pe...
EUVD-2025-197665
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
WordPress plugin eRoom Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-56800
Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...
EUVD-2025-35227
Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...
EUVD-2021-21213
Malware in sbrugna...
EUVD-2015-2821
Malware in sbrugna...
EUVD-2017-3337
Malware in sbrugna...
EUVD-2011-3354
Malware in sbrugna...
CVE-2025-54800
CVE-2025-54800 describes a persistent XSS in Hydra (Nix-based CI) where a malicious package could inject arbitrary JavaScript into Hydra’s database, which then gets evaluated in a client’s browser when visiting the build page. The issue is stated as fixed by commit dea1e16; workarounds include no...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624
The CVE-2025-53624 entry concerns the Docusaurus plugin docusaurus-plugin-content-gists. Versions prior to 4.0.0 are vulnerable because a GitHub Personal Access Token passed via plugin configuration could be exposed in production build artifacts, embedding the token in client-side JavaScript bund...
CVE-2025-47943 Gogs stored XSS in PDF renderer
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side JavaScript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...
CVE-2025-48373
Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...
CVE-2025-48373
Schule has a client-side RBAC bypass prior to version 1.0.1: the app trusts data.role in the browser to redirect users to panels, allowing an attacker to set data.role to values like “admin” and access restricted areas. The root cause is insecure client-side role handling. Affected: Schule open-s...
CVE-2014-2866
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code...
CVE-2019-17207
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker aka Broken Link Checker plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the...