42 matches found
EUVD-2026-31804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...
PT-2026-30045
An issue was discovered in Biztalk360 through 11.5. Because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
EUVD-2026-15880
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imithemes Gaea gaea allows Reflected XSS. This issue affects Gaea: from n/a through 3.8...
CVE-2025-67949
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designingmedia Hostiko hostiko allows Reflected XSS. This issue affects Hostiko: from n/a through 94.3.6...
Arbitrary Code Injection
aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...
EUVD-2021-11633
Malware in sbrugna...
EUVD-2025-10417
Malicious code in bioql PyPI...
EUVD-2024-40838
Malicious code in bioql PyPI...
USN-7530-1 libphp-adodb vulnerability
It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...
CVE-2025-32461
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3...
CVE-2025-32461
CVE-2025-32461 affects Tiki Wiki CMS Groupware prior to 28.3, via wikiplugin_includetpl.php in lib/wiki-plugins/wikiplugin_includetpl.php, which mishandles input to an eval and can enable remote code execution. Affected versions include 21.12-, 24.8-, 27.2-, and 28.0–28.3. Fixed versions are 21.1...
CVE-2025-31754
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DobsonDev DobsonDev Shortcodes dobsondev-shortcodes allows Stored XSS. This issue affects DobsonDev Shortcodes: from n/a through = 2.1.12...
CVE-2025-30917
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS. This issue affects SKU Generator for WooCommerce: from n/a through = 1.6.2...
CVE-2025-30961
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tinuzz Trackserver trackserver allows DOM-Based XSS. This issue affects Trackserver: from n/a through = 5.1.0...
ShopXO security vulnerability
ShopXO is an enterprise-grade, open source e-commerce system from ShopXO, Inc. A security vulnerability exists in ShopXO version 6.4.0 and prior versions. It stems from the Template Handler module mishandling input, which could lead to a remote attack...
SXF Common Library security vulnerability
SXF Common Library is an open source common library. A security vulnerability exists in SXF Common Library that stems from mishandling of input data and may cause a crash if a product using the library reads a carefully crafted file...
Security vulnerability in multiple ELECOM products
ELECOM WRC-X3000GS2-W and others are products of ELECOM Corporation. ELECOM WRC-X3000GS2-W is a wireless router. ELECOM WRC-X3000GS2-B is a gigabit router. ELECOM WRC-X3000GS2A-B is a gigabit router. A security vulnerability exists in several ELECOM products, which originates from mishandling of inp...
Zimbra Collaboration Suite security vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite versions 9.0 and 10.0, which stems from mishandling of input parameters, and could allow a...
CVE-2024-26327
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations...