28 matches found
CVE-2025-64050
A Remote Code Execution (RCE) vulnerability in the template management component of REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
EUVD-2017-18441
Malware in sbrugna...
EUVD-2022-50734
Malicious code in bioql PyPI...
CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...
CVE-2025-3862
Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
Injected Malicious Code
XZ is vulnerable to Injected Malicious Code. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which...
In Astro-Shield, setting a correct `integrity` attribute on injected code allows bypassing the allow-lists
Impact: Versions 1.2.0 through 1.3.1 of Astro-Shield allow the allow-lists for cross-origin resources to be bypassed by adding valid integrity attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believ...
Cross-site Scripting (XSS)
dolibarr/dolibarr is vulnerable to Cross-site Scripting (XSS). An attacker is able to exploit this vulnerability by tricking a user into clicking on a malicious link or opening a malicious file. The malicious link or file would contain a specially crafted XSS payload that would be injected into the...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Identity Services Engine (ISE) is a context-aware network policy platform from Cisco. The platform regulates the network by collecting real-time information from the network, users, and devices to develop and enforce policies. Cisco Identity Services Engine suffers from...
CVE-2021-27431
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (a local malloc-equivalent function), which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution...
IBM Cloud Pak for Security Cross-Site Scripting Vulnerability
IBM Cloud Pak for Security, from IBM (USA), is an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. IBM Cloud Pak for Security suffers from a cross-site scripting vulnerability that...
PT-2019-1348 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS versions 7.1.21 and earlier; PAN-OS versions 8.0.14 and earlier; PAN-OS versions 8.1.5 and earlier. Description: The PAN-OS management web interface has a vulnerability due to insufficient protection of the web page structure. This issue...
Code injection
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file...
kmquilt.godo.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-686781. Affected Website: kmquilt.godo.co.kr. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Frappe ERPNext Cross-Site Scripting Vulnerability
Frappe ERPNext is an open source ERP Enterprise Resource Planning system. The system includes functions for financial management, inventory management, customer relationship management, project management and human resource management. A cross-site scripting vulnerability exists in Frappe ERPNext...
Rename vulnerability in ourphp v1.8.0
Ourphp is a php+mysql website building system. ourphp v1.8.0 has a file-renaming vulnerability: an attacker injects Trojan horse (webshell) code into an edited file, then renames that file so it has an executable script extension, and thereby obtains a webshell on the website...
Out-of-Bounds Write
OpenCV is vulnerable to out-of-bounds write. A malicious user can pass an image to the FillColorRow8 function in utils.cpp to cause an out-of-bounds write that could cause injected code to be executed or crash the application...
atmail Cross-Site Scripting Vulnerability
atmail is an open source WebMail client from Australia's atmail company, which provides a Webmail interface, address book management, calendars and other features, and supports IMAP, video mail and so on. A cross-site scripting vulnerability exists in versions of atmail prior to 7.8.0.2. A...