132 matches found
CVE-2023-53940
CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...
CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
PT-2025-52319
Name of the Vulnerable Software and Affected Versions Codigo Markdown Editor version 1.0.1 Description The software contains a code execution issue that permits attackers to execute arbitrary system commands by creating a malicious markdown file. An attacker can embed a video source with an onerr...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
PT-2025-51305
Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description The software contains a cross-site scripting issue that permits authenticated users to inject malicious scripts during the creation of new pages. An attacker can leverage crafted malicious image source and onerr...
EUVD-2019-5215
Malware in sbrugna...
EUVD-2019-4529
Malware in sbrugna...
EUVD-2017-14491
Malware in sbrugna...
EUVD-2019-13518
Malware in sbrugna...
EUVD-2018-10262
Malware in sbrugna...
EUVD-2021-20258
Malware in sbrugna...
EUVD-2019-19147
Malware in sbrugna...
EUVD-2025-25193
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-30349
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail...
Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...
GHSA-HFMV-HHH3-43F2 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...