
25 matches found

ATTACKERKB
added 2026/02/03 4:52 p.m. | 3 views

CVE-2019-25265

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...

CVSS 6.4 | AI score 5.1 | EPSS 0.00076
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/01/28 12:00 a.m. | 4 views

DNN Cross-Site Scripting Vulnerabilities

DNN, also known as DotNetNuke, is an open-source content management system (CMS) developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 9.13.10 and 10.2.0...

CVSS 7.6 | AI score 5.6 | EPSS 0.00055
Exploits: 0 | References: 1
Patchstack
added 2025/12/22 11:57 p.m. | 5 views

WordPress Calendar plugin <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' vulnerability discovered by Hieus in WordPress Plugin Calendar versions <= 1.3.16...

CVSS 6.4 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/12/12 10:17 p.m. | 1 view

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5 | AI score 6.6 | EPSS 0.00017
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-18266

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.0016
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-17556

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.00628
Exploits: 4 | References: 3
NVD
added 2025/08/15 3:15 p.m. | 3 views

CVE-2025-55203

Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users’ browsers. The...

CVSS 5.4 | EPSS 0.00046
Exploits: 0 | References: 2
RedhatCVE
added 2025/07/25 7:30 p.m. | 2 views

CVE-2025-38408

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly. Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

CVSS 7 | AI score 6.6 | EPSS 0.00099
Exploits: 0 | References: 4
RedhatCVE
added 2025/07/25 7:20 p.m. | 2 views

CVE-2025-38411

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix double put of request. If a netfs request finishes during the pause loop, it will have the ref that belongs to the INPROGRESS flag removed at that point - however, if it then goes to the final wait loop, that will also...

CVSS 7 | AI score 6.5 | EPSS 0.00078
Exploits: 0 | References: 4
RedhatCVE
added 2025/07/17 3:22 p.m. | 3 views

CVE-2025-50093

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | AI score 5.9 | EPSS 0.00442
Exploits: 0 | References: 4
CVE
added 2025/07/15 7:27 p.m. | 69 views

CVE-2025-30752

CVE-2025-30752 affects Oracle Java SE and Oracle GraalVM for JDK 24.0.1 (Compiler component). The vulnerability allows unauthenticated network access to cause a partial denial of service (Availability impact: LOW) in Java deployments that run untrusted code in sandboxed environments. Affects clie...

CVSS 3.7 | AI score 5.6 | EPSS 0.00254
Exploits: 0 | References: 1 | Affected Software: 3
RedhatCVE
added 2025/07/09 5:58 p.m. | 1 view

CVE-2025-38242

In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache. This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup...

CVSS 5.5 | AI score 6.6 | EPSS 0.00057
Exploits: 0 | References: 4
Cvelist
added 2025/06/09 12:00 a.m. | 8 views

CVE-2025-46041

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...

EPSS 0.00628
Exploits: 4 | References: 2
RedhatCVE
added 2025/05/23 9:50 a.m. | 6 views

CVE-2024-7355

The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleinput' and 'nodedescription' parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 5.4 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/17 8:13 a.m. | 17 views

CVE-2024-58093

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal. Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the last function on the b...

CVSS 5.5 | AI score 6.4 | EPSS 0.00019
Exploits: 0 | References: 4
RedhatCVE
added 2025/02/26 7:24 a.m. | 14 views

CVE-2022-49599

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_l3mdev_accept. While reading sysctl_tcp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE to its readers...

CVSS 4.7 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 4
OSV
added 2025/02/23 8:15 p.m. | 1 view

CVE-2025-1592

A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation of the argument assignname/description...

CVSS 6.1 | AI score 3.8
Exploits: 0 | References: 4
CNNVD
added 2025/01/10 12:00 a.m. | 1 view

MonicaHQ Security Vulnerability

MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version v4.1.2 that stems from the title and description parameters containing multiple authenticated client-side injections...

CVSS 8.8 | AI score 6.5 | EPSS 0.00183
Exploits: 1 | References: 2
CNNVD
added 2023/10/18 12:00 a.m. | 3 views

Pegasystem PEGA Platform Cross-Site Scripting Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM (Business Process Management), Case Management, Real-time Decision Making and CRM (Customer Relationship Management). A security vulnerabilit...

CVSS 6.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 2
ATTACKERKB
added 2023/08/02 12:15 a.m. | 1 view

CVE-2023-36121

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project...

CVSS 5.4 | AI score 6.2 | EPSS 0.01896
Exploits: 1 | References: 5