4581 matches found

CNNVD
added 2025/03/17 12:0 a.m. · 1 view

PHPGurukul Human Metapneumovirus Testing Management System code injection vulnerability

PHPGurukul Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system from PHPGurukul, Inc. A code injection vulnerability exists in version 1.0 of the PHPGurukul Human Metapneumovirus Testing Management System, which originates from cross-site scripting a...

5.4 CVSS · 5.2 AI score · 0.0033 EPSS
Exploits 1 · References 6
CNNVD
added 2025/03/17 12:0 a.m. · 1 view

Mercurial SCM code injection vulnerability

Mercurial SCM is a free distributed source code control management tool from Mercurial SCM open source. A code injection vulnerability exists in Mercurial SCM version 4.5.3/71.19.145.211, which originates from cross-site scripting and could lead to a remote attacker executing arbitrary script in ...

5.3 CVSS · 4.9 AI score · 0.00486 EPSS
Exploits 0 · References 4
NVD
added 2025/03/13 2:15 p.m. · 12 views

CVE-2024-28803

Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter...

6.1 CVSS · 0.00327 EPSS
Exploits 1 · References 1
OSSF Malicious Packages
added 2025/03/12 10:30 p.m. · 3 views

Malicious code in tonetext (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c46725ad6c88079cce4f7fa4a29175fec7f78ea83344da99d0f02ac4f020fcf3 When imported, the code embedded into the exception class downloads a remote file, and runs it by importing, and attempts to cover tracks by overwriting itself...

7.3 AI score
Exploits 0 · References 1
OSV
added 2025/03/12 10:30 p.m. · 4 views

MAL-2025-191906 Malicious code in tonetext (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c46725ad6c88079cce4f7fa4a29175fec7f78ea83344da99d0f02ac4f020fcf3 When imported, the code embedded into the exception class downloads a remote file, and runs it by importing, and attempts to cover tracks by overwriting itself...

7.2 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/03/06 2:33 a.m. · 6 views

CVE-2024-50705

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...

7.1 CVSS · 6.3 AI score · 0.00232 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/03/05 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-3841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged...

7.6 CVSS · 7 AI score · 0.00656 EPSS
Exploits 1 · References 2
OpenVAS
added 2025/02/20 12:0 a.m. · 11 views

WordPress Yoast SEO Plugin < 5.8.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yoast:yoastseo"; if description...

4.8 CVSS · 6.9 AI score · 0.01345 EPSS
Exploits 3 · References 1
RedhatCVE
added 2025/02/14 7:49 a.m. · 15 views

CVE-2024-34224

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters...

7.3 CVSS · 6.4 AI score · 0.00871 EPSS
Exploits 1 · References 1
Snyk
added 2025/01/27 12:30 p.m. · 3 views

Embedded Malicious Code

Overview uniapi is an A Universal API Framework. Affected versions of this package are vulnerable to Embedded Malicious Code which contains code that executes upon importing the module. This code downloads a script from a remote URL and executes it in a thread. The downloaded script collects syst...

10 CVSS · 7.2 AI score
Exploits 0 · References 2
Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-5637 · Pypi · Uniapi

Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7 Description: The issue concerns code introduced in uniapi version 1.0.7 that executes upon import of the module. This code downloads a script from a remote URL and then runs the downloaded script in a thread, which harves...

7.3 AI score
Exploits 0 · References 4
PyPA
added 2025/01/24 7:56 p.m. · 9 views

uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was found ...

7 AI score
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/01/24 12:0 a.m. · 5 views

PT-2025-5672 · Uniapi · Uniapi

Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7 Description: The issue concerns code introduced in a specific version of the software that executes upon import of the module. This code downloads a script from a remote URL and then executes the downloaded script in a...

7.2 AI score
Exploits 0 · References 3
NVD
added 2025/01/16 11:15 p.m. · 13 views

CVE-2025-23198

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.10.1 allow remote attackers to inject...

5.4 CVSS · 0.00349 EPSS
Exploits 1 · References 1
Cvelist
added 2025/01/16 10:28 p.m. · 15 views

CVE-2024-56144 Stored XSS-LibreNMS-Display Name 2 in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.11.0 allow remote attackers to inject...

4.6 CVSS · 0.00372 EPSS
Exploits 1 · References 1
Github Security Blog
added 2025/01/16 5:32 p.m. · 19 views

LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

5.4 CVSS · 4.7 AI score · 0.30854 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2025/01/16 5:32 p.m. · 7 views

GHSA-C66P-64FJ-JMC2 LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

4.6 CVSS · 4.9 AI score · 0.30854 EPSS
Exploits 1 · References 5
OSV
added 2025/01/16 5:18 p.m. · 12 views

GHSA-2F4W-6MC7-4W78 LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Display Name 2 Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.11.0 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user view...

4.6 CVSS · 4.9 AI score · 0.00372 EPSS
Exploits 1 · References 5
CNNVD
added 2025/01/16 12:0 a.m. · 2 views

JFinalOA security vulnerability

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

4.8 CVSS · 6.5 AI score · 0.00307 EPSS
Exploits 1 · References 1
OSV
added 2025/01/07 3:15 a.m. · 1 view

CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contains a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of...

7.8 CVSS · 6 AI score · 0.00194 EPSS
Exploits 0 · References 1