336 matches found
EUVD-2025-10923
Malicious code in bioql PyPI...
EUVD-2021-30242
Malicious code in bioql PyPI...
EUVD-2023-58666
Malicious code in bioql PyPI...
EUVD-2023-58671
Malicious code in bioql PyPI...
EUVD-2025-6913
Malicious code in bioql PyPI...
CVE-2025-34228
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a server-side request forgery SSRF vulnerability. The /var/www/app/consolerelease/lexmark/update.php script is reachable from the internet...
CVE-2025-53693
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...
CVE-2025-53693 HTML Cache Poisoning through Unsafe Reflections
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...
CVE-2025-53693
CVE-2025-53693 is an HTML cache poisoning vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) caused by using externally-controlled input to select classes or code (Unsafe Reflection). Affected products: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. The underlying...
CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers
User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...
CVE-2012-10044
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...
CVE-2012-10044 MobileCartly 1.0 savepage.php Arbitrary File Creation
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...
CVE-2025-53484 SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input
User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...
OS Command Injection
@haxtheweb/haxcms-nodejs is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the gitImportSite functionality, which allows attacker-controlled input to reach the procopen function through a crafted URL string...
U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████
A Cross-Site Scripting XSS vulnerability was identified in an ASP.NET web application. The issue arose from improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the conte...
CVE-2024-47069
Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the block/locale endpoint does not properly sanitize the user-controlled locale input before including it in the...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2021-21814
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...
CVE-2019-8235
An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...
Authorization Bypass Through User-Controlled Key
Overview sjbr/sr-feuser-register is an A self-registration variant of Kasper Skårhøj's Front End User Admin extension for TYPO3 CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the handling of user input. An attacker can read arbitrary...