17 matches found
EUVD-2020-27945
Malware in sbrugna...
EUVD-2018-0552
Malware in sbrugna...
EUVD-2017-16562
Malware in sbrugna...
EUVD-2025-10040
Malicious code in bioql PyPI...
EUVD-2023-58291
Malicious code in bioql PyPI...
EUVD-2022-42466
Malicious code in bioql PyPI...
Mozilla Thunderbird < 128.13
The version of Thunderbird installed on the remote Windows host is prior to 128.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-62 advisory. - Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140....
CVE-2023-6033
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser...
CVE-2025-3597
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...
CVE-2022-42449
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2025-40615
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
PT-2025-17577 · Cuba Jpa · Cuba Jpa
Name of the Vulnerable Software and Affected Versions: Cuba JPA versions prior to 1.1.1 Description: The Cuba JPA web API allows loading and saving entities defined in the application data model through simple HTTP requests. Prior to version 1.1.1, the input parameter, which includes a file path...
Amazon Linux 2 : firefox (ALASFIREFOX-2025-036)
The version of firefox installed on the remote host is prior to 128.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-036 advisory. Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability...
SUSE-SU-2022:3101-1 Security update for zabbix
This update for zabbix fixes the following issues: - CVE-2022-35230: Javascript embedded in links for graphs page will be executed bsc1201290...
CVE-2019-19089
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text...
Microsoft Windows Media Player 7.0 - JavaScript URL
source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from within the Windows Media Player ActiveX control...