8 matches found
EUVD-2024-26135
Malicious code in bioql PyPI...
EUVD-2025-3443
Malicious code in bioql PyPI...
CVE-2025-41675
CVE-2025-41675 concerns MB CONNECT LINE mbNET.mini and Helmholz/mbNET.mini gateways where an OS command injection arises from improper neutralization of special elements in OS commands. The vulnerability allows a high-privilege remote attacker to trigger arbitrary system commands via GET requests...
CVE-2025-28957
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OwnerRez OwnerRez API ownerrez allows Stored XSS.This issue affects OwnerRez API: from n/a through = 1.2.1...
CVE-2025-53493
CVE-2025-53493 affects MediaWiki MintyDocs Extension (versions 1.39.X–1.43.1) with Stored XSS due to improper neutralization of input during web page generation. The issue is fixed in 1.43.2; stakeholders should upgrade MintyDocs to 1.43.2 or later. Other connected sources (PT-2025-27640, Red Hat...
CVE-2025-22632
CVE-2025-22632 affects the WordPress plugin “WooCommerce Pricing – Product Pricing” (≤1.0.9) and is a Stored XSS vulnerability caused by improper input neutralization during page generation. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) yields a base score of 7.1 (High) and indicates ...
Cross-Site Scripting (XSS)
Drupal Core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be executed on the client-side...
The vulnerability of the Gstreamer module in the office software package LibreOffice allows a hacker to execute arbitrary Gstreamer plugins.
The vulnerability of the Gstreamer module in the LibreOffice office software package exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary Gstreamer plugins...