3850 matches found
EUVD-2025-37171
Malicious code in epic-comment-rating-frontend npm...
EUVD-2025-37170
Malicious code in epic-comment-rating-service npm...
Malicious code in epic-comment-rating-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e545e5ad95e677ec0468b1254d12e8d5f47eb49cb6261a4ec337fd1c6dee7020 The package epic-comment-rating-service was found to contain malicious code...
MAL-2025-49122 Malicious code in epic-comment-rating-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42e3cd259d5ade70b14b1659d77f4d7271460e40c6329a4c9dd43c8727e251da The package epic-comment-rating-frontend was found to contain malicious code...
MAL-2025-49123 Malicious code in epic-comment-rating-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e545e5ad95e677ec0468b1254d12e8d5f47eb49cb6261a4ec337fd1c6dee7020 The package epic-comment-rating-service was found to contain malicious code...
MAL-2025-49121 Malicious code in epic-comment-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b482eaca9889c0f8ac5d950fc6630478102d1ced2132fb08c5ad85366b6954ac The package epic-comment-rating was found to contain malicious code...
EUVD-2025-37011
Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
CVE-2025-50574
Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
UBUNTU-CVE-2025-40086
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...
CVE-2025-50574
CVE-2025-50574 is an XSS vulnerability affecting the Glamour Salon Management System v1, specifically in the blog-details.php component. The issue arises from insufficient input filtering on the blog comment section parameter, allowing remote attackers to inject arbitrary script or HTML. Multiple...
CVE-2025-50574
Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
Glamour Salon Management System 安全漏洞
Glamour Salon Management System is a salon management system by the individual developer Hiruna Gallage. A security vulnerability exists in Glamour Salon Management System v1, which stems from the blog comment section parameter in blog-details.php not being filtered correctly, which could lead to...
JeecgBoot Path Traversal Vulnerability
JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has a path traversal vulnerability that stems from a path traversal vulnerability in the interface...
PT-2025-44408
Name of the Vulnerable Software and Affected Versions Glamour Salon Management System version 1 Description A cross-site scripting XSS issue exists in the blog-details.php component. This allows remote attackers to inject arbitrary web script or HTML through the blog comment section parameter. Th...
EUVD-2025-36808
Malicious code in jira-ticket-todo-comment npm...
Malicious code in jira-ticket-todo-comment (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37f93f4caecf2a8d9f056f2b72cb51b1905579bf89bf8c1e994e68028c24d2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview jira-ticket-todo-comment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2025-36523
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
CVE-2025-34314
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...