19 matches found
CVE-2025-52734
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through = 1.2.1...
EUVD-2025-35496
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through = 1.2.1...
CVE-2025-52734
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through = 1.2.1...
EUVD-2025-9802
Malicious code in bioql PyPI...
EUVD-2025-4867
Malicious code in bioql PyPI...
EUVD-2025-9792
Malicious code in bioql PyPI...
EUVD-2025-30727
Malicious code in bioql PyPI...
CVE-2025-57918
Cross-Site Request Forgery CSRF vulnerability in ERA404 LinkedInclude linkedinclude allows Stored XSS.This issue affects LinkedInclude: from n/a through = 3.0.4...
CVE-2025-57918
Cross-Site Request Forgery CSRF vulnerability in ERA404 LinkedInclude linkedinclude allows Stored XSS.This issue affects LinkedInclude: from n/a through = 3.0.4...
PT-2025-38769
Name of the Vulnerable Software and Affected Versions ERA404 LinkedInclude versions through 3.0.4 Description A Cross-Site Request Forgery CSRF issue exists in ERA404 LinkedInclude, which can lead to Stored Cross-Site Scripting XSS. The issue allows for potential malicious actions to be performed...
CVE-2025-32232
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through = 3.2.7...
CVE-2025-32255
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data.This issue affects StaffList: from n/a through = 3.2.7...
CVE-2025-32255
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data.This issue affects StaffList: from n/a through = 3.2.7...
CVE-2025-32232
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through = 3.2.7...
PT-2025-15011 · Era404 · Era404 Stafflist
Name of the Vulnerable Software and Affected Versions: ERA404 StaffList versions 3.2.6 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For ERA404 StaffList...
CVE-2025-23845
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ERA404 ImageMeta imagemeta allows Reflected XSS.This issue affects ImageMeta: from n/a through = 1.1.2...
CVE-2025-23845
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ERA404 ImageMeta imagemeta allows Reflected XSS.This issue affects ImageMeta: from n/a through = 1.1.2...
CVE-2025-23845
The CVE-2025-23845 entry concerns the WordPress plugin ImageMeta (ERA404 ImageMeta) with a Reflected Cross-Site Scripting vulnerability caused by improper input neutralization. Affected versions are 1.1.2 and earlier. Public sources in connected documents consistently identify the issue as Reflec...
PT-2025-7013 · Era404 · Era404 Imagemeta
Name of the Vulnerable Software and Affected Versions: ERA404 ImageMeta versions 1.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This means an attacker can inject malicious...