10 matches found
CVE-2025-10727 Reflected XSS in ArkSigner's AcBakImzala
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4...
EUVD-2023-0312
Malicious code in bioql PyPI...
EUVD-2024-26907
Malicious code in bioql PyPI...
OESA-2025-1991 jakarta-mail security update
The Jakarta Mail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. Security Fixes: A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic. The CWE definition for the vulnerability is CWE-147. The produ...
WordPress plugin BruteGuard – Brute Force Login Protection cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-4659 · Unknown · Mxsecurity
Name of the Vulnerable Software and Affected Versions: MXsecurity versions prior to v1.0.1 Description: A vulnerability has been identified that allows the unauthorized disclosure of authenticated information. This issue arises when special elements are not neutralized correctly, allowing remote...
Typora fails to properly neutralize JavaScript code.
Overview: Typora fails to properly neutralize JavaScript code (CWE-116). Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: Opening a file with the affected product may lead to...
Cross-site Scripting (XSS) - Stored
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept: Add Item, and name is payload alertlocation...
CVE-2021-32981
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that ca...
CVE-2020-16214
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadshee...