EUVD-2015-7249

Malware in sbrugna...

EUVD-2014-1904

Malware in sbrugna...

EUVD-2014-0824

Malware in sbrugna...

EUVD-2025-22441

Malicious code in bioql PyPI...

CVE-2025-54294

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...

CVE-2025-54294

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...

CVE-2025-54294 Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...

CVE-2025-54294 Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...

CVE-2025-54294

CVE-2025-54294 describes a SQL injection vulnerability in the StackIdeas Komento component for Joomla, affecting versions 4.0.0–4.0.7. The issue allows unprivileged users to execute arbitrary SQL commands. The cited sources consistently tie the flaw to a SQL injection in Komento’s Joomla integrat...

StackIdeas Komento component SQL注入漏洞

StackIdeas Komento component is a commenting plugin from StackIdeas Malaysia. A SQL injection vulnerability exists in StackIdeas Komento component versions 4.0.0-4.0.7, which stems from a SQL injection vulnerability that could lead to the execution of arbitrary SQL commands...

PT-2025-30567 · Komento +1 · Komento +1

Name of the Vulnerable Software and Affected Versions: Komento versions 4.0.0 through 4.0.7 Description: A SQL injection flaw exists in the Komento component for Joomla. This issue permits unprivileged users to execute arbitrary SQL commands. Recommendations: Update Komento to a version newer tha...

CVE-2015-7324

CVE-2015-7324 concerns the StackIdeas Komento (com_komento) Joomla! component, prior to version 2.0.5. The vulnerability arises in helpers/comment.php where remote attackers can inject arbitrary HTML/script via the (1) img or (2) url tag when posting a new comment, constituting a cross-site scrip...

Komento 2.0.6, xss

We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento. update notice: https://stackideas.com/blog/important-komento-2-0-7-security-fix...

Komento Component HTML Injection Vulnerability in Joomla!

Joomla! is an open source content management system CMS developed by the Open Source Matters team in the U.S. Komento is one of the generic commenting components. An HTML injection vulnerability exists in Joomla! Komento component versions prior to 2.0.5. An attacker can exploit this vulnerabilit...

Komento, 2.0.4 and previous, XSS (Cross Site Scripting)

Stackideas Komento, prior to 2.0.5, XSS Cross Site Scripting Resolved in version 2.0.5 Update notice: http://stackideas.com/changelog/komento?version=2.0.5...

Joomla Komento Cross Site Scripting Vulnerability

Joomla Komento versions prior to 2.0.5 suffer from a persistent cross site scripting vulnerability. Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out that was possible to launch a...

Joomla Komento Cross Site Scripting

CVE Reference: CVE-2015-7324 Original advisory: https://www.davidsopas.com/komento-joomla-component-persistent-xss/ Author: David Sopas @dsopas Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento ...

Joomla Komento Extension 1.7.2 - Stored XSS Vulnerabilities

No description provided by source...

Cross-Site Scripting (XSS) in Komento Joomla Extension

Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 2, 2014 Public...

CVE-2014-1837

Cross-site scripting XSS vulnerability in the StackIdeas Komento comkomento component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."...