EUVD-2025-3443

Malicious code in bioql PyPI...

EUVD-2024-26135

Malicious code in bioql PyPI...

CVE-2025-41675

CVE-2025-41675 concerns MB CONNECT LINE mbNET.mini and Helmholz/mbNET.mini gateways where an OS command injection arises from improper neutralization of special elements in OS commands. The vulnerability allows a high-privilege remote attacker to trigger arbitrary system commands via GET requests...

CVE-2025-28957

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OwnerRez OwnerRez API ownerrez allows Stored XSS.This issue affects OwnerRez API: from n/a through = 1.2.1...

CVE-2025-53493

CVE-2025-53493 affects MediaWiki MintyDocs Extension (versions 1.39.X–1.43.1) with Stored XSS due to improper neutralization of input during web page generation. The issue is fixed in 1.43.2; stakeholders should upgrade MintyDocs to 1.43.2 or later. Other connected sources (PT-2025-27640, Red Hat...

CVE-2025-22632

CVE-2025-22632 affects the WordPress plugin “WooCommerce Pricing – Product Pricing” (≤1.0.9) and is a Stored XSS vulnerability caused by improper input neutralization during page generation. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) yields a base score of 7.1 (High) and indicates ...

Cross-Site Scripting (XSS)

Drupal Core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be executed on the client-side...