28 matches found
EUVD-2020-26486
Malware in sbrugna...
EUVD-2025-4470
Malicious code in bioql PyPI...
EUVD-2025-4460
Malicious code in bioql PyPI...
EUVD-2025-8662
Malicious code in bioql PyPI...
EUVD-2025-4464
Malicious code in bioql PyPI...
EUVD-2025-4468
Malicious code in bioql PyPI...
EUVD-2025-4471
Malicious code in bioql PyPI...
EUVD-2025-4465
Malicious code in bioql PyPI...
CVE-2024-27474
Leantime 3.0.6 is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators...
CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...
CVE-2025-28254
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-95j3-435g-vjcp. This link is maintained to preserve external references. Original Description: Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrar...
GHSA-JF6P-4HGV-V6QH Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-95j3-435g-vjcp. This link is maintained to preserve external references. Original Description: Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrar...
CVE-2025-28254
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...
CVE-2025-28254
CVE-2025-28254 concerns Leantime v3.2.1 and earlier and describes an authenticated XSS vulnerability triggered by the first name field in processMentions(), potentially allowing arbitrary code execution and access to sensitive information. Affected component: Leantime’s processMentions implementa...
CVE-2025-28254
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...
CVE-2025-28254
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...
Host Header Injection
leantime/leantime is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Host header: the system allows attackers to manipulate HTTP request headers, leading to unauthorized access to user details...
Authorization Bypass
leantime/leantime is vulnerable to an Authorization Bypass. The vulnerability is due to missing authorization checks on the "Host" parameter, allowing an attacker to access another user's profile information by modifying the parameter...
Cross-Site Scripting (XSS)
leantime/leantime is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization and output encoding of the title field in a To-Do, which allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...