22 matches found
EUVD-2019-2675
Malware in sbrugna...
EUVD-2025-29104
Malicious code in bioql PyPI...
CVE-2025-10385
The CVE-2025-10385 entry concerns Mercury KM08-708H GiGA WiFi Wave2 (version 1.1). Affected code is the function sub_450B2C in /goform/mcr_setSysAdm; manipulating the ChgUserId argument causes a buffer overflow. The issue is exploitable remotely and has public PoC/exploits. Reported impact indica...
PT-2025-37395
Name of the Vulnerable Software and Affected Versions: Mercury KM08-708H GiGA WiFi Wave2 version 1.1 Description: A buffer overflow issue exists in the sub_450B2C function of the /goform/mcr_setSysAdm file. The vulnerability is triggered by manipulating the ChgUserId argument, allowing for remote...
CVE-2019-10961
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution...
CVE-2024-51859
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bamboo Manchester Bamboo Enquiries bamboo-enquiries allows Stored XSS. This issue affects Bamboo Enquiries: from n/a through <= 1.9.3...
Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MCR VSTS CLI for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of MCR VSTS CLI. When installed from the Microsoft...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS. This issue affects Bamboo Columns: from n/a through 1.6.1...
CVE-2023-44143
CVE-2023-44143 concerns the WordPress Bamboo Columns plugin, affected versions through 1.6.1. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization and insufficient output escaping during web page generation. The exposure can allow attackers with a...
CVE-2023-47812
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions...
CVE-2023-47812
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions...
CVE-2023-47812
CVE-2023-47812 affects Bamboo Columns (WordPress) ≤ 1.6.1. It is a Stored XSS vulnerability triggered by input during web page generation, requiring authenticated Contributor+ access. Desktop/public impact: injection of scripts on pages viewed by users. Remediation status in the provided docs is ...
PT-2023-30622 · Unknown · Bamboo Mcr Bamboo Columns Plugin
Name of the Vulnerable Software and Affected Versions: Bamboo Mcr Bamboo Columns plugin versions <= 1.6.1 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. Recommendations: For Bamboo Mcr Bamboo Columns plugin...
Depositors might not be able to withdraw from StabilityPool if any collateral's price drops significantly
Lines of code. Vulnerability details: In the TroveManager contract, the closeTrove function contains a check to ensure there is more than one trove, as shown below. TroveManager.sol, L1278-L1282: function closeTrove(address borrower, address collateral, Status closedStatus) internal { assert(closedStatus ...
mcr-properties.co.uk Cross Site Scripting vulnerability OBB-2980992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tunnelvisionmcr.co.uk Improper Access Control vulnerability OBB-2227523
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure
Honeywell MCR Web Controller Full Path Disclosure & Cross Site Scripting Vendor Homepage: https://www.honeywell.com WebVersion: XL1000C50 EXCEL WEB 52 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C1000 EXCEL WEB 600 I/O, XL1000C50U EXCEL WEB 52 I/O UUKL, XL1000C500U EXCE...
Advantech WebAccess HMI Designer MCR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...
CVE-2019-10961
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution...