263 matches found
CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2020-37178
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...
CVE-2020-37178 KeePass 2.44 - Denial of Service (PoC)
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload arbitrary files. An attacker can execute arbitrary scripts in the context of another user's browser by uploading malicious HTML or SVG files that are then rendered from the same domain as the...
CVE-2026-23499
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...
EUVD-2026-3775
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...
CVE-2021-47751 CuteEditor for PHP 6.6 - Directory Traversal
CuteEditor for PHP now referred to as Rich Text Editor 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...
Cross-site Scripting (XSS)
Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the processing of uploaded .html files. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading .html files...
CVE-2025-55310
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in...
Improper Access Control
Vite is vulnerable to Improper Access Control. The vulnerability is due to the dev and preview servers serving any HTML files on the machine regardless of the server.fs settings, which allows an attacker to access unintended files when the Vite server is exposed to the network, potentially leadin...
EUVD-2018-0394
Malware in sbrugna...
EUVD-2017-18011
Malware in sbrugna...
EUVD-2017-3257
Malware in sbrugna...
EUVD-2004-2484
Malware in sbrugna...
EUVD-2020-29695
Malware in sbrugna...
EUVD-2007-5824
Malware in sbrugna...
EUVD-2009-2253
Malware in sbrugna...
EUVD-2008-0483
Malware in sbrugna...
EUVD-2009-2832
Malware in sbrugna...
EUVD-2006-2099
Malware in sbrugna...