Live Helper Chat Cross-Site Script Vulnerabilities

Live Helper Chat is an open-source plugin for personal developers that provides chat functionality for web platforms. Versions of Live Helper Chat prior to 4.72 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting in the PDF file...

CVE-2026-24035 Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee

Horilla is a free and open source Human Resource Management System HRMS. An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

EUVD-2012-6603

Malware in sbrugna...

EUVD-2023-46918

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-21312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before...

CVE-2012-3572

Open Source Competency Center OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document...

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

CVE-2025-45388

CVE-2025-45388 (Wagtail CMS 6.4.1) : A Stored Cross-Site Scripting (XSS) flaw exists in the document upload feature. Attackers can embed malicious payloads in a PDF; when a user clicks the uploaded document in the CMS interface, the payload can execute. The supplier disputes exploitability, notin...

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.24 and prior versions,...