143 matches found
EUVD-2023-57443
Malicious code in bioql PyPI...
EUVD-2022-48292
Malicious code in bioql PyPI...
EUVD-2023-29635
Malicious code in bioql PyPI...
EUVD-2022-32738
Malicious code in bioql PyPI...
EUVD-2025-2823
Malicious code in bioql PyPI...
EUVD-2022-37429
Malicious code in bioql PyPI...
EUVD-2022-1308
Malicious code in bioql PyPI...
EUVD-2022-37423
Malicious code in bioql PyPI...
EUVD-2022-51404
Malicious code in bioql PyPI...
CVE-2025-57769
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks
It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...
Linux Distros Unpatched Vulnerability : CVE-2024-0747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
SICK Field Analytics和SICK Media Server 安全漏洞
SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from...
GHSA-V3PH-2Q5Q-CG88 @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
Summary In the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited, the client's browser will query the supplied URL. Affected Resources - Operations.php:868 -...
CVE-2025-48877
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...
CVE-2025-22545
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sw.galati iframe to embed iframe-to-embed allows Stored XSS.This issue affects iframe to embed: from n/a through = 1.2...
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
CVE-2023-52125
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8...
CVE-2023-6844
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...