227 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Linux Distros Unpatched Vulnerability : CVE-2016-9642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. (CVE-2016-9642) Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2025-4215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the...
PT-2025-34812 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.6; Mahara versions prior to 23.04.6; Mahara versions prior to 24.04.1. Description: The application allows cross-site scripting (XSS) via a file uploaded through the Mahara filebrowser system. The vulnerability occur...
ExpressGateway express-gateway Code Injection Vulnerability
ExpressGateway express-gateway is an interface service of ExpressGateway open source. A code injection vulnerability exists in ExpressGateway express-gateway version 1.16.10 and earlier, which stems from cross-site scripting in the lib/rest/routes/users.js file...
CVE-2025-55134
In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js...
CVE-2016-15046
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...
CVE-2024-8743
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for...
CVE-2023-30852
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the /admin/misc/script-proxy API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the scriptPath and scripts parameters. The...
CVE-2021-36535
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf...
CVE-2019-10874
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
CVE-2019-5479
An unintended require vulnerability in...
CVE-2024-13914 File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the 'file_manager_advanced' shortcode. This makes it possible for authenticated...
CVE-2024-13914
Summary: CVE-2024-13914 affects the WordPress plugins File Manager Advanced Shortcode (versions up to 2.5.4) and advanced-file-manager-pro-premium (2.5.6). It is a Local File Inclusion vulnerability exploitable via the file_manager_advanced shortcode, enabling authenticated administrators (and hi...
CVE-2025-4514 Zhengzhou Jiuhua Electronic Technology mayicms javascript.php sql injection
A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some unknown functionality of the file /javascript.php. The manipulation of the argument Value leads to sql injection. The attack may be launch...
Jiuhua MayiCMS Injection Vulnerability
Jiuhua MayiCMS is a categorized information system from Jiuhua Corporation in China. An injection vulnerability exists in Jiuhua MayiCMS 5.8E and earlier versions, which originates from SQL injection due to incorrect manipulation of the parameter Value in the file /javascript.php...
CVE-2025-46654
CVE-2025-46654 affects CodiMD up to version 2.2.0, where a CSP-based XSS protection can be bypassed by uploading an HTML file that references an uploaded JavaScript file. Documented impact is cross-site scripting due to this bypass; the vulnerability applies to 2.2.0 and earlier. No exploit detai...
CVE-2021-24008
An exposure of sensitive system information to an unauthorized control sphere vulnerability (CWE-497) in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0,...