Lucene search

34 matches found

EUVD
added 2026/03/26 8:25 p.m. | 3 views

EUVD-2026-16417

Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...

CVSS 4.8 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 4

Packet Storm
added 2026/02/02 12:0 a.m. | 117 views

📄 MaNGOSWeb 4.0.6 Multi-Exploit Framework

A comprehensive penetration testing tool designed to identify and exploit multiple critical vulnerabilities in MangosWeb 4 version 4.0.6, a World of Warcraft emulator web interface. These include SQL injection, XML injection, file write vulnerabilities, and more...

CVSS 6.1 | AI score 5.7 | EPSS 0.03588
Exploits: 6

NVD
added 2025/11/21 1:15 p.m. | 2 views

CVE-2025-66110

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through = 1.0.23...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/12 12:0 a.m. | 3 views

PT-2026-6059

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: An HTTP Request Smuggling issue exists in libsoup, an HTTP client/server library. The problem stems from non-RFC-compliant parsing within the soup filter input stream read line function,...

CVSS 6.5 | AI score 5.6 | EPSS 0.00029
Exploits: 0 | References: 22

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-16821

Malware in sbrugna...

CVSS 8.8 | AI score 9 | EPSS 0.01283
Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2013-4572

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00413
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2007-0364

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01631
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-2055

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.03554
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-3231

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00317
Exploits: 1 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3261

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.00285
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-3249

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.01077
Exploits: 1 | References: 17

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-15561

Malware in sbrugna...

CVSS 8.8 | AI score 6 | EPSS 0.00094
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-28619

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00281
Exploits: 0 | References: 2

Cvelist
added 2025/07/24 9:22 a.m. | 4 views

CVE-2025-6382 Taeggie Feed <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Attribute

The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render method takes the user-supplied name attribute and injects it directly into a tag - both in the id attribute...

CVSS 6.4 | EPSS 0.00203
Exploits: 0 | References: 4

Vulnrichment
added 2025/06/25 4:23 p.m. | 2 views

CVE-2025-5015 Parsons AccuWeather Widget Cross-site Scripting

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one...

CVSS 8.8 | AI score 6.5 | EPSS 0.00554
Exploits: 0 | References: 1

Cvelist
added 2025/06/25 4:23 p.m. | 5 views

CVE-2025-5015 Parsons AccuWeather Widget Cross-site Scripting

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one...

CVSS 8.8 | EPSS 0.00554
Exploits: 0 | References: 1

CVE
added 2025/06/25 4:23 p.m. | 14 views

CVE-2025-5015

CVE-2025-5015 : A cross-site scripting vulnerability exists in the Parsons AccuWeather widget and the Custom RSS widget, allowing an unauthenticated user to replace the RSS feed URL with a malicious one. Concrete details across sources confirm the affected components, the attack involves injectin...

CVSS 8.8 | AI score 6.5 | EPSS 0.00554
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/21 2:40 a.m. | 2 views

CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...

CVSS 5.1 | AI score 6.9 | EPSS 0.00141
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:39 a.m. | 2 views

CVE-2024-11455

The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | AI score 7.4 | EPSS 0.00195
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:22 a.m. | 6 views

CVE-2023-24603

OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...

CVSS 6.5 | AI score 6.8 | EPSS 0.00309
Exploits: 0 | References: 1