EUVD-2020-18132
Malware in sbrugna...
EUVD-2020-21948
Malware in sbrugna...
EUVD-2021-24900
Malware in sbrugna...
EUVD-2024-50550
Malicious code in bioql PyPI...
EUVD-2023-53557
Malicious code in bioql PyPI...
EUVD-2024-34045
Malicious code in bioql PyPI...
EUVD-2023-25579
Malicious code in bioql PyPI...
EUVD-2025-5502
Malicious code in bioql PyPI...
EUVD-2024-2797
Malicious code in bioql PyPI...
CVE-2025-41684
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface endpoint tlsiotgensetting...
CVE-2025-2172
Aviatrix Controller is affected in versions prior to 7.1.4208, 7.2.5090, and 8.0.0 due to insufficient input sanitization before passing data to command line utilities, enabling command injection via special characters in filenames. The issue is documented with fixed releases: upgrade to 7.1.4208...
Cross-Site Scripting (XSS)
ibexa/fieldtype-richtext is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization and escaping in the back office components, allowing malicious scripts to be injected and stored...
CVE-2024-25831
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...
CVE-2024-8486
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start_timestamp' parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...
CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory (CWE-35). Description: Hitachi...
CVE-2024-21548
Versions of the package bun after 0.0.12 and before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. Note: This issue relates to the widely known and actively developed 'Bun'...
CVE-2024-12468
CVE-2024-12468 — WP Datepicker (WordPress) is a Reflected Cross-Site Scripting vulnerability in the WP Datepicker plugin via the wpdp_get_selected_datepicker parameter. It affects all versions up to 2.1.4 due to insufficient input sanitization and output escaping. The weakness allows unauthentica...
CVE-2024-21548
CVE-2024-21548 affects the Bun runtime. Versions before 1.1.30 (and after 0.0.12, per sources) are vulnerable to a Prototype Pollution flaw caused by improper input sanitization in Bun’s APIs that accept objects. The issue can enable modifying object prototypes, with the downstream risk as descri...
CVE-2024-50355
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can edit the Display Name of a device. The application did not properly sanitize the user input in the device Display Name; if JavaScript code is inside the device Display Name, it can b...