11 matches found
CVE-2025-23112
An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey, if they click on the field name, it triggers the XSS payload...
EUVD-2019-7582
Malware in sbrugna...
EUVD-2020-19871
Malware in sbrugna...
EUVD-2019-6034
Malware in sbrugna...
EUVD-2013-4465
Malware in sbrugna...
EUVD-2024-53101
Malicious code in bioql PyPI...
EUVD-2025-3125
Malicious code in bioql PyPI...
CVE-2024-56310
CVE-2024-56310 affects REDCap up to 14.9.6 and up to 15.0.0, due to missing CSRF protections on the Logout functionality. An attacker can lure a user to click a Project Dashboards name containing a payload, triggering a logout and terminating the user session. Root cause: CSRF protection absent o...
PT-2024-36782 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 through 15.0.0. Description: The issue is related to a security flaw in the Notes section of calendar events in REDCap, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring...
CVE-2024-56311
REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...
CVE-2020-27358
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...