Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Enduser Login page. An attacker can access sensitive user credentials by tricking a legitimate user into clicking a malicious link and logging in. Details Cross-site scripting or XSS is a code...

CVE-2025-40681

Cross-site Scripting XSS vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal...

EUVD-2019-19174

Malware in sbrugna...

EUVD-2025-32121

Malicious code in bioql PyPI...

EUVD-2022-6208

Malicious code in bioql PyPI...

EUVD-2022-2030

Malicious code in bioql PyPI...

CVE-2025-59755

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59769 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59759 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59755 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

PT-2025-40372

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

CVE-2024-52512

useroidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from a malicious user being able to send an incorrectly formatted login link that redirects th...

PYSEC-2023-155

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

Imperva Stops Hordes of Bots from Hijacking Financial Accounts in Largest Recorded Account Takeover Attack

Consider for a moment that an army of bots is setting their sights on your website. They target your login page and hammer it with millions of requests in an ongoing attack that lasts days, raising your infrastructure and fraud prevention costs. Would this frighten you? What if this barrage of bo...

CVE-2021-27414

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...

Mirantis Container Cloud 输入验证错误漏洞

Mirantis Container Cloud is a container platform from Mirantis, Inc. It provides a single management platform for managing clusters on any supported infrastructure and allows you to integrate CI/CD pipelines. A security vulnerability exists in Mirantis Container Cloud that stems from a lack of UR...

VulnCheck KEV: CVE-2020-21224

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server...