3249 matches found
EUVD-2025-25224
Malicious code in bioql PyPI...
EUVD-2024-46193
Malicious code in bioql PyPI...
EUVD-2024-23415
Malicious code in bioql PyPI...
EUVD-2025-17844
Malicious code in bioql PyPI...
EUVD-2023-52633
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rich text field in web content articles. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted input to this field. Details: Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...
CVE-2025-1131 Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...
U.S. Dept Of Defense: Cross-Site Scripting via URL on ███████
A Cross-Site Scripting (XSS) vulnerability was discovered on an official domain from the Department of Defense. The vulnerability could be exploited through the GET method, allowing an attacker to inject malicious scripts that could potentially be executed. No further details were provided...
CVE-2025-9882
The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
PT-2025-38292
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Petshop Management System version 1.0. Description: A cross-site scripting issue exists in the Available Products Page component of the software, specifically within the addcnp.php file. Manipulation of the name/description...
CVE-2025-53119
An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server...
CVE-2025-53119
CVE-2025-53119 / CVE-2025-53120 affect Securden Unified PAM. An unauthenticated unrestricted file upload (CVE-2025-53119) allows uploading arbitrary files to the server via /accountapp/upload_web_recordings_from_api_server; CVE-2025-53120 also enables path traversal to overwrite files. Exploitatio...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the components tab. An attacker can execute arbitrary web script or HTML by injecting malicious content that is rendered in the user's browser. Details: Cross-site scripting or XSS is a code vulnerability tha...
CVE-2025-55029
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-46932 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46936 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-55033
The CVE describes a Cross-Site Scripting (XSS) issue in Mozilla Focus for iOS prior to version 142. The vulnerability arises when dragging JavaScript links to the URL bar, which can cause arbitrary script execution. Affected product: Focus for iOS (versions