64 matches found
Malicious code in vulndify-mcp-server (PyPI)
Source: amazon-inspector (6110bfbfb3eac275094aefd342ef273350829f83c53c480e29df1f872b335650). The package advertises itself in the README as offering only a benign hello MCP tool, but src/vulndifymcpserver/server.py registers two additional,...
RPi-Jukebox-RFID 2.8.0 Cross Site Scripting
RPi-Jukebox-RFID version 2.8.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link:...
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspber...
CVE-2023-53942
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...
ZOHO ManageEngine ADManager Plus Command Injection Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
CVE-2025-10020
Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection vulnerability in the Custom Script component...
EUVD-2025-35166
Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection vulnerability in the Custom Script component...
CVE-2025-10020 Command Injection
Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection vulnerability in the Custom Script component...
CVE-2025-10020
CVE-2025-10020 affects Zohocorp ManageEngine ADManager Plus prior to version 8024, with an authenticated command-injection in the Custom Script component caused by inadequate filtering of constructed command characters. Impact described across sources includes arbitrary command execution and pote...
ZOHO ManageEngine ADManager Plus Security Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
EUVD-2025-29096
Malicious code in bioql PyPI...
EUVD-2025-7933
Malicious code in bioql PyPI...
CVE-2025-10370
A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code in the file /htdocs/userScripts.php. Manipulation of the argument Custom script leads to cross-site scripting. The attack can be carried out remotely. The exploit is...
CVE-2025-10370 MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting
A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code in the file /htdocs/userScripts.php. Manipulation of the argument Custom script leads to cross-site scripting. The attack can be carried out remotely. The exploit is...
CVE-2025-10370
CVE-2025-10370 affects MiczFlor RPi-Jukebox-RFID up to version 2.8.0. A stored XSS exists in the /htdocs/userScripts.php page via manipulation of the Custom script argument, enabling remote exploitation with arbitrary JavaScript payloads. Public PoCs/exploits are available (e.g., Exploit-DB, Pack...