32 matches found
CVE-2025-65924
ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically hyperlinks in fields that are intended for plain text. Although JavaScript is blocked preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...
CVE-2025-34411
The Convercent Whistleblowing Platform exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. An unauthenticated attacker can query the endpoint with common legal-suffix terms to enumerate Convercent te...
EUVD-2008-0377
Malware in sbrugna...
EUVD-2018-12233
Malware in sbrugna...
EUVD-2016-7738
Malware in sbrugna...
EUVD-2021-24958
Malware in sbrugna...
EUVD-2022-3435
Malicious code in bioql PyPI...
EUVD-2022-27494
Malicious code in bioql PyPI...
EUVD-2022-52726
Malicious code in bioql PyPI...
EUVD-2025-18433
Malicious code in bioql PyPI...
EUVD-2023-35202
Malicious code in bioql PyPI...
Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor
Pandora cyber attack exposes customer data via third-party breach. No passwords or payment info leaked, but phishing risks remain...
PT-2025-30420 · Telegai · Telegai
Name of the Vulnerable Software and Affected Versions: TelegAI versions through 2025-05-26 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the chat component of TelegAI. This allows an attacker to tamper with other users' conversations. Additionally, malicious conten...
CVE-2025-3777
CVE-2025-3777 : In Hugging Face Transformers, versions up to 4.49.0 are affected by improper input validation in image_utils.py due to insecure URL validation with startswith(), bypassable via URL username injection. Attackers could craft URLs that appear to be from YouTube but resolve to malicio...
CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2024-1566
The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...
CVE-2023-23738
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0...
CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2025-3027
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially...
CVE-2025-30781
CVE-2025-30781 concerns the Scheduled & Automatic Order Status Controller for WooCommerce. It describes an Open Redirect vulnerability that could enable phishing by redirecting users to untrusted sites. Affected software ranges “from n/a through 3.7.1.” Connected vulnerability listings indicate t...