13 matches found

EUVD
added 2026/05/20 4:35 a.m. | 8 views

EUVD-2026-31060

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store an XSS payload that can be triggered by a different user...

CVSS 5.4 | AI score 5.5 | EPSS 0.00029
Exploits: 0 | References: 1
Snyk
added 2026/04/01 10:26 p.m. | 1 views

Directory Traversal

Overview: @payloadcms/storage-r2 is a Payload storage adapter for Cloudflare R2. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intend...

CVSS 7.1 | AI score 6.5 | EPSS 0.00024
Exploits: 0 | References: 2
Snyk
added 2026/04/01 10:26 p.m. | 1 views

Directory Traversal

Overview: @payloadcms/storage-gcs is a Payload storage adapter for Google Cloud Storage. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape th...

CVSS 7.1 | AI score 6.5 | EPSS 0.00024
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-7732

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00205
Exploits: 0 | References: 4
RedhatCVE
added 2025/08/23 8:13 p.m. | 2 views

CVE-2025-55104

A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute ...

CVSS 4.8 | AI score 5 | EPSS 0.00042
Exploits: 0 | References: 1
OSV
added 2025/08/21 8:15 p.m. | 0 views

CVE-2025-55104

A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute ...

CVSS 4.8 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 1
RedhatCVE
added 2025/06/08 11:58 a.m. | 6 views

CVE-2025-41365

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...

CVSS 5.1 | AI score 7.7 | EPSS 0.00297
Exploits: 0 | References: 1
Cvelist
added 2025/06/06 11:49 a.m. | 11 views

CVE-2025-41365 Code injection vulnerability in IDF and ZLF

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...

CVSS 5.1 | EPSS 0.00297
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/06 5:25 a.m. | 9 views

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the tag...

CVSS 6.1 | AI score 6.1 | EPSS 0.00506
Exploits: 0 | References: 1
OSV
added 2025/03/04 4:29 p.m. | 4 views

CVE-2025-27155 In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim

Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped whe...

CVSS 6.1 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 4
CNNVD
added 2024/05/17 12:0 a.m. | 2 views

Rocketsoft Rocket LMS Cross-Site Scripting Vulnerability

RocketSoft Rocket LMS is a full-featured Learning Management System from RocketSoft, Inc. A security vulnerability exists in Rocketsoft Rocket LMS version 1.9 that stems from the presence of a cross-site scripting (XSS) vulnerability that allows administrators to store JavaScript payloads using the...

CVSS 4.8 | AI score 4.7 | EPSS 0.01054
Exploits: 4 | References: 4
CNVD
added 2019/11/08 12:0 a.m. | 1 views

Code Execution Vulnerability in Easoft Tianchuang Ranzhi Collaboration Office System

Ranz is a collaborative office system for small and medium-sized businesses. A code execution vulnerability exists in Easoft Tiantron's Ranzhi Collaboration Office System, which can be exploited by an attacker to store a maliciously-constructed payload into the database, and the system will execu...

AI score 8.2
Exploits: 0
OSV
added 2017/11/10 2:29 a.m. | 1 views

CVE-2017-16567

Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 1