PT-2025-43694

Name of the Vulnerable Software and Affected Versions eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

EUVD-2020-5523

Malware in sbrugna...

EUVD-2017-18325

Malware in sbrugna...

EUVD-2019-8009

Malware in sbrugna...

EUVD-2018-2681

Malware in sbrugna...

EUVD-2019-6604

Malware in sbrugna...

EUVD-2018-6559

Malware in sbrugna...

EUVD-2009-2316

Malware in sbrugna...

EUVD-2015-2000

Malware in sbrugna...

EUVD-2023-51441

Malicious code in bioql PyPI...

EUVD-2025-18995

Malicious code in bioql PyPI...

EUVD-2024-37369

Malicious code in bioql PyPI...

EUVD-2022-29559

Malicious code in bioql PyPI...

EUVD-2022-28256

Malicious code in bioql PyPI...

CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting XSS has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...

CVE-2025-50977

Gitblit (version 1.7.1) contains a template injection vulnerability that enables reflected XSS via the r parameter. Exploitation requires authenticated admin access and can be triggered through GET requests to the /summary endpoint or POST requests to certain Wicket interfaces, enabling injection...

8x8: █.8x8.vc/index.js: Exposed Google Maps API Key Allowing Potential Abuse of Paid Services

The Google Maps API key was inadvertently exposed in client-side code, allowing potential unauthorized access to some Google Maps services. The issue was promptly addressed by implementing appropriate API key restrictions where feasible...

Protect Client-Side Code and Certify the Authenticity of Data Collection

...

GHSA-XH32-CX6C-CP4V Gogs XSS allowed by stored call in PDF renderer

Summary A stored XSS is present in Gogs which allows client-side Javascript code execution. Details Gogs Version: docker images REPOSITORY TAG IMAGE ID CREATED SIZE gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB Application version: 0.14.0+dev Local setup using: bash Pull image from Docker Hub...

CVE-2025-47943

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting XSS vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...