365 matches found
EUVD-2024-32733
Malicious code in bioql PyPI...
EUVD-2024-23385
Malicious code in bioql PyPI...
EUVD-2025-20456
Malicious code in bioql PyPI...
EUVD-2022-45781
Malicious code in bioql PyPI...
CVE-2025-59528
Flowise 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig string is parsed and passed to the Function() constructor via convertToValidJSONString without validation, allowing an attacker to execute arbitrary JavaScript with Node.js privileges (e.g., ac...
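Added example for the Flowise entry above; this is illustrative code written for this page, not Flowise's own source. It reconstructs the general pattern the advisory describes (a JSON-like config string handed to the Function() constructor, which evaluates any JavaScript inside it) beside a strict JSON.parse replacement. The function names and the marker set on globalThis are assumptions used to show that code ran; "mcpServerConfig" is the parameter name from the entry.

```javascript
// Added example, not Flowise code. Reconstructs the pattern behind
// CVE-2025-59528: a config string "normalised" by letting the JavaScript
// engine evaluate it, which is code execution on attacker-controlled input.
// convertWithFunction / convertWithJsonParse are illustrative names.

// Vulnerable pattern: tolerate single quotes, unquoted keys etc. by
// evaluating the string as an object literal. Anything inside runs with the
// Node.js process's privileges.
function convertWithFunction(mcpServerConfig) {
  return new Function(`return (${mcpServerConfig});`)();
}

// Hardened replacement: strict JSON.parse followed by a shape check.
// Input that is not JSON is rejected with an exception, never evaluated.
function convertWithJsonParse(mcpServerConfig) {
  let parsed;
  try {
    parsed = JSON.parse(mcpServerConfig);
  } catch (e) {
    throw new Error("mcpServerConfig is not valid JSON: " + e.message);
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error("mcpServerConfig must be a JSON object");
  }
  for (const [name, srv] of Object.entries(parsed)) {
    if (srv === null || typeof srv !== "object" || typeof srv.command !== "string") {
      throw new Error(`server ${name}: "command" must be a string`);
    }
    const argsOk = srv.args === undefined ||
      (Array.isArray(srv.args) && srv.args.every((a) => typeof a === "string"));
    if (!argsOk) {
      throw new Error(`server ${name}: "args" must be an array of strings`);
    }
  }
  return parsed;
}

// Constructed inputs (not from the advisory): a benign config and one that is
// valid JavaScript but not JSON. The comma expression sets a marker on
// globalThis purely to prove that evaluation happened; a real payload would
// call into Node.js APIs instead.
const benign = '{"fs": {"command": "npx", "args": ["server-filesystem", "/tmp"]}}';
const hostile = '{"fs": {"command": (globalThis.__demo_pwned = "yes", "npx")}}';

function demo() {
  delete globalThis.__demo_pwned;
  const out = {};
  out.unsafeBenign = convertWithFunction(benign).fs.command;   // "npx"
  out.unsafeHostile = convertWithFunction(hostile).fs.command; // "npx", but code ran
  out.codeRan = globalThis.__demo_pwned === "yes";             // true
  out.safeBenign = convertWithJsonParse(benign).fs.command;    // "npx"
  try {
    convertWithJsonParse(hostile);
    out.safeRejected = false;
  } catch (e) {
    out.safeRejected = true;                                   // true: SyntaxError
  }
  return out;
}

console.log(demo());
```

The point to carry away: a lenient "JSON fixer" built on Function() or eval() is an interpreter for attacker input, and the fix is to refuse non-JSON rather than repair it.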
CVE-2025-32430
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...
CVE-2025-32731
A reflected cross-site scripting XSS vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...
AlmaLinux 9 : thunderbird (ALSA-2025:12187)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:12187 advisory. firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox...
CVE-2025-40685 Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting XSS in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php...
PT-2025-31195 · Unknown · Human Resource Management System Version 1.0
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: This issue allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL through the employeeid parameter. The vulnerable location is...
CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata
copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...
CVE-2025-27801
CVE-2025-27801 is a Stored XSS vulnerability in Optimizely Episerver CMS (EPiServer.CMS.Core/UI). Affected: EPiServer.CMS.Core <11.21.4 with UI <11.37.5 (11.x) and Core <12.22.1 with UI
CVE-2025-54414
CVE-2025-54414 affects TecharoHQ Anubis Web AI Firewall Utility (versions 1.21.2 and earlier). The vulnerability arises from malicious pass-challenge pages that can cause a user to execute arbitrary JavaScript or trigger nonstandard URL schemes via the PassChallenge flow, specifically the route /...
PT-2025-30307 · Fastapi +1 · Fastapi +1
Name of the Vulnerable Software and Affected Versions: Cadwyn versions 5.4.3 and below Description: Cadwyn is a production-ready, community-driven, modern Stripe-like API versioning tool in FastAPI. The version parameter of the /docs endpoint is susceptible to a Reflected Cross-Site Scripting XSS...
CVE-2025-40724 Stored Cross-Site Scripting (XSS) in Pharmacy POS PHP Script
Stored Cross-Site Scripting XSS vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the umedicinename parameter in /editmedicine.php. This vulnerability can be exploited to...
CVE-2025-52357
Cross-Site Scripting XSS vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's web interface. The vulnerability is triggered via user-supplied...
CVE-2025-52357
FiberHome FD602GW-DX-R410 router (firmware V2.2.14) contains a reflected XSS in the ping diagnostic feature. Authenticated users can inject input in the ping form field, which is not properly sanitized, allowing arbitrary JavaScript execution in the router’s admin/web interface. Impacts include s...
CVE-2025-40721
Reflected Cross-site Scripting XSS vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...
CVE-2025-40720
Reflected Cross-site Scripting XSS vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...
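Added example covering the reflected XSS entries above (Quiter Gateway, Human Resource Management System, Pharmacy POS, Cadwyn, FiberHome) and the copyparty DOM-based entry, which share one root cause: a value the attacker controls is placed into HTML without output encoding. This is illustrative code written for this page, not any of those products' source. The parameter name and path come from the Quiter entry; the page template, helper names and the probe value are assumptions.

```javascript
// Added example, not code from any product listed on this page. Shows a
// request parameter echoed into HTML unencoded (the reflected-XSS pattern)
// beside the output encoding that closes it. The same encoding applies to a
// DOM sink such as innerHTML fed with file metadata (the copyparty entry).

// Pull one query parameter from a request URL. Constructed input only; no
// server is started.
function getParam(requestUrl, name) {
  return new URL(requestUrl, "http://localhost").searchParams.get(name) ?? "";
}

// Vulnerable: the value is concatenated into both a text node and a quoted
// attribute unchanged, so a crafted link becomes markup in the victim's browser.
function renderUnsafe(idfactura) {
  return `<h1>Factura ${idfactura}</h1>\n<input name="idfactura" value="${idfactura}">`;
}

// Encode the five characters that can break out of text or a quoted attribute.
// (Unquoted attributes and JavaScript/URL contexts need stricter encoders.)
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: identical template, encoded value.
function renderSafe(idfactura) {
  const v = escapeHtml(idfactura);
  return `<h1>Factura ${v}</h1>\n<input name="idfactura" value="${v}">`;
}

// Check: list every tag in the rendered page that the template did not put there.
function injectedTags(html) {
  const allowed = new Set(["h1", "/h1", "input"]);
  return [...html.matchAll(/<\s*(\/?[a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase())
    .filter((t) => !allowed.has(t));
}

// Constructed probe link: closes the attribute, then injects a script element,
// URL-encoded as a browser would send it.
const probe = "http://localhost/FacturaE/listadofacturasficha.jsp?idfactura=" +
  encodeURIComponent('"><script>alert(document.domain)</script>');

function demo() {
  const v = getParam(probe, "idfactura");
  return {
    unsafeInjected: injectedTags(renderUnsafe(v)), // ["script","/script","script","/script"]
    safeInjected: injectedTags(renderSafe(v)),     // []
    encoded: escapeHtml(v),
  };
}

console.log(demo());
```

When triaging any of the entries above, the same check applies: find the sink (template concatenation, innerHTML, a PHP echo) and confirm whether the value passes through a context-appropriate encoder before reaching it.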