CVE-2026-47975

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

CVE-2021-47764 AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes an...

CVE-2018-19324

kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home=mypage=info URI...

CVE-2021-28115

The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation...

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...

CVE-2019-7169

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...

CVE-2025-20389

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the...

EUVD-2021-16988

Malware in sbrugna...

EUVD-2017-7855

Malware in sbrugna...

EUVD-2020-21619

Malware in sbrugna...

EUVD-2019-4947

Malware in sbrugna...

EUVD-2003-1242

Malware in sbrugna...

EUVD-2016-1709

Malware in sbrugna...

EUVD-2017-18268

Malware in sbrugna...

EUVD-2021-33482

Malicious code in bioql PyPI...

CVE-2025-54875

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...

CVE-2025-52131

The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field...

CVE-2024-25412

A cross-site scripting XSS vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field...

CVE-2019-7170

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...