34 matches found
EUVD-2018-1972
Malware in sbrugna...
EUVD-2022-0088
Malicious code in bioql PyPI...
EUVD-2023-49683
Malicious code in bioql PyPI...
CVE-2025-43774
Connected sources describe a reflected XSS in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.17, exploitable when a remote authenticated user injects JavaScript via the Style Book theme name. The issue is reflected in the user’s browser; no concrete fix/version is provided in the supp...
CVE-2025-51534
A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name field...
CVE-2025-45778
The Language Sloth Web Application v1.0 is affected by a stored XSS in the Description field, allowing an attacker to inject payloads and execute arbitrary scripts when pages are loaded. The issue is identified as CVE-2025-45778 with CVSS v3.1 base score 6.1 (Network, Low attack complexity, No pr...
CVE-2024-55009
CVE-2024-55009 refers to a reflected XSS in AutoBib - Bibliographic collection management system (versions 3.1.140 and earlier). The vulnerability allows an attacker to cause arbitrary JavaScript execution in a victim’s browser by injecting a crafted payload into the WCE=topFrame&WCU= parameter. ...
CVE-2024-13509
CVE-2024-13509 affects the WS Form LITE (and WS Form Pro) WordPress plugin. It is an unauthenticated Stored Cross-Site Scripting flaw in the url parameter present in all versions up to 1.10.13. The issue arises from insufficient input sanitization and output escaping, allowing an attacker to inje...
CVE-2024-56087
CVE-2024-56087 affects Logpoint prior to 7.5.0. Authenticated users can inject payloads through queries in the Search Template Dashboard, which are then executed and cause Server-Side Template Injection. Affected software: Logpoint before 7.5.0. Root cause: injectable payloads in SSTI-prone dashb...
Online Student Grading System 1.0 Code Injection
Title : Online Student Grading System 1.0 php code injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla...
Joomla SP Page Builder 5.2.7 SQL Injection
Title : SP Page Builder 5.2.7 Sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0 (32-bit) ...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10111056)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0321578)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10111277)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
eClass Junior 4.0 SQL Injection
Title : eClass Junior 4.0 Sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0 (32-bit) | ...
Zoo Management System cross-site scripting vulnerability
Zoo Management System is a zoo management system by Carlo Montero, an individual developer. It provides an online and automated platform for zoo organizations to manage their daily records. A cross-site scripting vulnerability exists in Zoo Management System v1.0, which can be exploited by an...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Reference Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...
CVE-2023-32350
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a...
SQL Injection in Django
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
GHSA-4FQX-74RV-638W Pivotal Concourse SQL Injection Vulnerability
Pivotal Concourse version 5.0.0 contains an API that is vulnerable to SQL injection. A Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...