EUVD-2026-3712

Malicious code in jquery-ajaxchimp npm...

com.amazonaws.serverless:aws-serverless-java-container-struts (=1.9), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=5.0.0) +50 more potentially affected by CVE-2025-68493 via org.apache.struts:struts2-core (>=6.0.0 <=6.0.3)

org.apache.struts:struts2-core MAVEN version =6.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.2 and more Source cves: CVE-2025-68493 Source advisory: OSV:GHSA-QCFC-HMRC-59X7https://vulners.co...

CVE-2023-53892

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

CVE-2023-53892

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

CVE-2023-53892

Summary: CVE-2023-53892 affects Blackcat CMS 1.4 with a remote code execution flaw in the jquery plugin manager. Authenticated admins can upload ZIP packages containing a PHP shell and trigger arbitrary system commands by accessing the uploaded plugin file with a code parameter. Affected software...

PT-2025-51310

Name of the Vulnerable Software and Affected Versions Blackcat CMS version 1.4 Description Blackcat CMS version 1.4 has a remote code execution issue. Authenticated administrators can upload malicious PHP files using the jquery plugin manager. An attacker can upload a zip file containing a PHP...

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=4.0.2 <=5.0.6) +77 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=6.0.0 <=6.7.4)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =4.0.2, =4.0.2, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2025-64775 Source advisory: SNYK:JAVA-ORG...

com.amazonaws.serverless:aws-serverless-java-container-struts2 (>=1.2 <=1.8.2), com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.2.0-RELEASE) +164 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.33)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.2, =1.0.3-RELEASE, =1.1.9, =0.0.1, =6.0.0, =2.5.1, =2.5.1, =4.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =4.0.3 - com.jgeppert.struts2.jquery:struts2-jquery-datatables-plugin =4.0.3 -...

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=6.0.0), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=6.0.0) +53 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=7.0.0 <=7.0.3)

org.apache.struts:struts2-core MAVEN version =7.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.3 and more Source cves: CVE-2025-64775 Source advisory: OSV:GHSA-XX7V-HQXH-CJR9...

EUVD-2021-11455

Malware in sbrugna...

EUVD-2021-21313

Malware in sbrugna...

EUVD-2023-57745

Malicious code in bioql PyPI...

EUVD-2022-4938

Malicious code in bioql PyPI...

EUVD-2024-22212

Malicious code in bioql PyPI...

EUVD-2024-22213

Malicious code in bioql PyPI...

CVE-2025-34100

BuilderEngine 3.5.0 is vulnerable due to the integration of elFinder 2.0 and the jQuery File Upload plugin, which fails to validate file types/locations during uploads. This unauthenticated flow allows uploading a malicious PHP file and executing code on the server, producing full remote code exe...

CVE-2024-24849

Cross-Site Request Forgery CSRF vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...

CVE-2021-24543

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

gifplayer 跨站脚本漏洞

gifplayer is a customizable jquery plugin by Ruben Torres, a personal developer. A cross-site scripting vulnerability exists in gifplayer versions prior to 0.3.7 that stems from cross-site scripting...