14 matches found
EUVD-2020-21975
Malware in sbrugna...
Cockpit < 2.11.4 XSS
The version of Cockpit running on the remote web server is prior to 2.11.4. A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site...
CVE-2025-7053 Cockpit save cross site scripting
A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version...
CVE-2025-5886
CVE-2025-5886 affects Emlog up to version 2.5.7. The issue is a cross-site scripting vulnerability arising from manipulating the active_post argument in /admin/article.php, with remote initiation and a publicly disclosed exploit. Connected sources confirm the vulnerability existence and the affec...
CVE-2025-0400
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploi...
CVE-2024-9031
A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/taskid/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely...
CVE-2019-8739
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution...
CVE-2025-47756
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::setmr400strc function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...
CVE-2023-42983
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks...
CVE-2025-2374
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobilenumber/email leads to sql injection. The...
Label Studio has a Path Traversal Vulnerability via image Field
Description: A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...
CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...
PT-2022-21889 · Autodesk · Autodesk Dwg
Name of the Vulnerable Software and Affected Versions: Autodesk DWG (affected versions not specified). Description: A maliciously crafted Dwg2Spd file, when processed through the Autodesk DWG application, could lead to a memory corruption issue due to a write access violation. This issue, in...
PT-2022-20018 · Unknown · Oretnom23 Fast Food Ordering System
Name of the Vulnerable Software and Affected Versions: oretnom23 Fast Food Ordering System (affected versions not specified). Description: A problematic issue has been found in the oretnom23 Fast Food Ordering System, affecting the processing of the file "admin/?page=reports". The manipulation of th...