EUVD-2023-40421

Malicious code in bioql PyPI...

EUVD-2025-16932

Malicious code in bioql PyPI...

CVE-2025-32015

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the attribute, which leads to cross-site scripting XSS by loading an attacker's UserJS inside . In order to execute the attack, the attacker needs to control one of the victim's feeds and...

CVE-2024-20462

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...

CVE-2025-25187

CVE-2025-25187 (Joplin) is a cross-site scripting vulnerability in Joplin prior to version 3.1.24. The issue arises from inserting note titles with React dangerouslySetInnerHTML without escaping HTML entities, and the app’s lack of a restrictive Content-Security-Policy for script-src. Combined wi...