
1002 matches found

EUVD
added 2025/10/29 9:30 a.m. | 2 views

EUVD-2025-36624

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS. This issue affects Sahifa: from n/a through 5.8.6...

6.5 CVSS | 5.9 AI score | 0.0003 EPSS
Exploits 0 | References 2

Packet Storm News
added 2025/10/29 12:00 a.m. | 5 views

Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories

This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT 91.52%, GitHub Copilot 7.50%, Amazon CodeWhisperer 0.52%, and...

7.1 AI score
Exploits 0

Veracode
added 2025/10/28 4:42 p.m. | 4 views

Cross-site Scripting (XSS)

io.vertx:vertx-web is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of file and directory names in generated HTML when directory listing is enabled, which allows an attacker to craft malicious filenames that execute arbitrary scripts in the browser of users...

6.4 CVSS | 6.6 AI score | 0.00027 EPSS
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2025/10/18 6:30 a.m. | 3 views

EUVD-2025-34959

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 via the ebsaveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-leve...

6.4 CVSS | 5.2 AI score | 0.00034 EPSS
Exploits 0 | References 3

Vulnrichment
added 2025/10/18 4:25 a.m. | 4 views

CVE-2025-11361 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.7.1 via the ebsaveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-leve...

6.4 CVSS | 5.2 AI score | 0.00034 EPSS
Exploits 0 | References 3

CNNVD
added 2025/10/18 12:00 a.m. | 3 views

WordPress plugin Gutenberg Essential Blocks code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

6.4 CVSS | 6.9 AI score | 0.00034 EPSS
Exploits 0 | References 3

Github Security Blog
added 2025/10/15 7:29 p.m. | 4 views

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...

6.3 CVSS | 7.4 AI score | 0.0013 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2025/10/15 12:00 a.m. | 1 view

mailgen cross-site scripting vulnerability

mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.31 and earlier, which stems from the generatePlaintext method not properly filtering HTML tags when processing user-generated content, which could lead to...

6.3 CVSS | 5.7 AI score | 0.0013 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/10 3:31 p.m. | 2 views

EUVD-2025-28745

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

9.8 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/10/09 12:00 a.m. | 3 views

PT-2025-41412

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

9.3 CVSS | 7.8 AI score | 0.00895 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2005-2261

Malware in sbrugna...

7.5 CVSS | 6 AI score | 0.03727 EPSS
Exploits 0 | References 25

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-9256

Malware in sbrugna...

9.8 CVSS | 8 AI score | 0.09456 EPSS
Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-23972

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00487 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-8940

Malware in sbrugna...

9.8 CVSS | 8.5 AI score | 0.00985 EPSS
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-13490

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.0065 EPSS
Exploits 2 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-10752

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.00307 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-0532

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.00603 EPSS
Exploits 0 | References 8

Wired Threat Level
added 2025/10/06 10:00 a.m. | 2 views

Vibe Coding Is the New Open Source—in the Worst Way Possible

As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way...

7.3 AI score
Exploits 0

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-24884

Malicious code in bioql PyPI...

4.3 CVSS | 6.4 AI score | 0.00171 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-42683

Malicious code in bioql PyPI...

6.5 CVSS | 6 AI score | 0.001 EPSS
Exploits 0 | References 2