34 matches found
EUVD-2024-2103
Malicious code in bioql PyPI...
CVE-2025-2165
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2025-2165 SH Email Alert <= 1.0 - Reflected Cross-Site Scripting
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2025-2165
CVE-2025-2165 affects the WordPress plugin SH Email Alert. The vulnerability is a reflected Cross-Site Scripting (XSS) via the mid parameter in all versions up to 1.0. It arises from insufficient input sanitization and output escaping, enabling an unauthenticated attacker to lure a user into perf...
CVE-2025-2165 SH Email Alert <= 1.0 - Reflected Cross-Site Scripting
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
WordPress SH Email Alert plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin SH Email Alert versions <= 1.0...
GHSA-73GR-32WG-QHH7 Mautic vulnerable to XSS in contact/company tracking (no authentication)
Summary: Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. Patches: Please update to 4.4.13 or 5.1.1 or later. Workarounds: None. References: https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScriptingXSS...
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited, you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor registers with the targeted user's email (it is unverified) - at some later point in time the targeted user stumbles on your app and decides to sign up with...
CVE-2024-38351
PocketBase is an open source web backend written in Go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
CVE-2024-38351 Password auth and OAuth2 unverified email linking
PocketBase is an open source web backend written in Go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
GHSA-7V7G-9VX6-VCG2 Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter
Impact: A reflected cross-site scripting vulnerability has been identified in Goobi viewer core when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the...
libp2p DoS vulnerability from lack of resource management
Impact: Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed ...
DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords
Daily alert when a new domain name is registered and contains your keywords. Description: The DomainAlerting tool allows you to perform two main actions, for educational purposes only: download newly registered domains, and send automatic email alerts. You can set up a wordlist and be alerted by email when you...
OPENSUSE-SU-2021:1052-1 Security update for fossil
This update for fossil fixes the following issues: fossil 2.16: Add the fossil patch command; Improve the fossil ui command to work on check-out directories and remote machines; web UI improvements; Add fossil bisect run command for improved automation of bisects; Improve fossil merge handling of...
PasswordState password manager’s update hijacked to drop malware
By Habiba Rashid. The customers were warned through an email that confirmed that the PasswordState software update feature had been compromised. This is a post from HackRead.com. Read the original post: PasswordState password manager’s update hijacked to drop malware...
RTTM - Real Time Threat Monitoring Tool
Monitoring possible threats to your company on the Internet is an impossible task to achieve manually. Hence many threats to the company go unnoticed until they become viral in public, causing monetary or reputational damage. This is where RTTM comes into action. RTTM Real Time Threat Monitoring...
ezXSS - An Easy Way For Penetration Testers And Bug Bounty Hunters To Test (Blind) Cross Site Scripting
ezXSS is an easy way for penetration testers and bug bounty hunters to test blind Cross Site Scripting. Current features (some features ezXSS has): Easy to use dashboard with statics, payloads, view/share/search reports and more; Payload generator; Instant email alert on payload; Custom javascript...
CVE-2018-10695
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...
Buffer overflow
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...
CVE-2018-10695
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...