A cubism panel for Grafana 跨站脚本漏洞

The "Cubism Panel for Grafana" is a visualization plugin developed by ekacnet’s individual developers. Versions of the cubism panel for Grafana prior to 0.1.2 contain a cross-site scripting vulnerability. This vulnerability arises from the panel’s zooming link processor not verifying URL schemes...

CVE-2025-9121

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

EUVD-2025-203473

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

CVE-2025-9121

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

PT-2025-51323

Name of the Vulnerable Software and Affected Versions Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions 8.3.x and 9.3.0.x through 10.1.9.x Description The software deserializes untrusted JSON data without restricting the parser to approved classes and methods...

EUVD-2020-17378

Malware in sbrugna...

EUVD-2020-17379

Malware in sbrugna...

EUVD-2020-17384

Malware in sbrugna...

EUVD-2021-14680

Malware in sbrugna...

EUVD-2022-43293

Malicious code in bioql PyPI...

EUVD-2022-46740

Malicious code in bioql PyPI...

EUVD-2023-42311

Malicious code in bioql PyPI...

CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting XSS vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...

CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting XSS vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...

CVE-2025-54117

CVE-2025-54117 – NamelessMC : A stored XSS vulnerability exists in NamelessMC

CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting XSS vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...

CVE-2023-38511

iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1...

CVE-2022-43770

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...

CVE-2022-3960

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor CDE plugin...

CVE-2023-38511 iTop Dashboard editor vulnerable dashboard config file parameter

iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1...