890 matches found
MAL-2025-156902 Malicious code in irashi-se-swe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a75dea3452b14ce5f252a5623b7422d0f398b3e7658dda1cb4bb95a5a772f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-62780
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
Malicious code in nurul-sroto52-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3ef12b053ff53005307934e94f2e29ea6f3a394c97253e99eb85058be7ca6c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PYSEC-2025-91
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
📄 LEPTON 7.4.0 Cross Site Scripting
LEPTON version 7.4.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: LEPTON 7.4.0 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya KARABAG Vendor Homepage: https://lepton-cms.org/ Software Link:...
📄 WBCE CMS 1.6.4 Cross Site Scripting
WBCE CMS version 1.6.4 suffers from a persistent cross site scripting vulnerability. Exploit Title: WBCE CMS 1.6.4 - Stored Cross-Site Scripting XSS Date: 2025-10-29 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6....
CVE-2025-11952
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
CVE-2025-60507
Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...
CVE-2025-8349
Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...
EUVD-2025-35044
Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...
CVE-2025-42901
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
CVE-2025-42901
CVE-2025-42901 affects SAP Application Server for ABAP (BAPI Explorer) where an authenticated attacker can store malicious JavaScript payloads that execute in the victim’s browser. Impact is described as low for confidentiality and integrity, with no availability impact. Root cause involves store...
EUVD-2025-34126
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
SAP Application Server for ABAP 代码注入漏洞
SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. A code injection vulnerability exists in SAP Application Server for ABAP that originates from allowing an authenticated attacker to store a malicious JavaScript payload that could lead to a cross-si...
EUVD-2021-0468
Malware in sbrugna...
EUVD-2020-19959
Malware in sbrugna...
EUVD-2020-21318
Malware in sbrugna...
EUVD-2020-19418
Malware in sbrugna...