CLSA-2026-1777539404 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

CVE-2019-20437

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...

EUVD-2018-1046

Malware in sbrugna...

EUVD-2025-17909

Malicious code in bioql PyPI...

EUVD-2023-52661

Malicious code in bioql PyPI...

EUVD-2024-35978

Malicious code in bioql PyPI...

EUVD-2024-23407

Malicious code in bioql PyPI...

EUVD-2023-52627

Malicious code in bioql PyPI...

EUVD-2024-18495

Malicious code in bioql PyPI...

EUVD-2024-23395

Malicious code in bioql PyPI...

EUVD-2024-35960

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-16358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to uplo...

CVE-2025-54078 WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao_imagem.php' parameter 'err'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in versions prior to 3.4.6 in the personalizacaoimagem.php endpoint of the WeGIA application. This vulnerability allows...

CVE-2025-40734

Reflected Cross-Site Scripting XSS vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...

CVE-2025-47115

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-47089

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46859

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-47114

CVE-2025-47114 describes a stored XSS in Adobe Experience Manager (AEM) versions 6.5.22 and earlier. The vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when visiting the affected page. Public details in c...

PT-2025-25018 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVE-2022-28379

jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...