11 matches found
Improper Neutralization of Special Elements Used in a Template Engine
Overview: giskard-checks is an Add your description here. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the rule parameter in the ConformityCheck class. An attacker can execute arbitrary code by supplying malicious...
EUVD-2021-30643
Malicious code in bioql PyPI...
EUVD-2021-30642
Malicious code in bioql PyPI...
CVE-2023-37787
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
CVE-2021-43735
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...
CVE-2021-43735
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...
CVE-2021-43736
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule...
Pegasystem Pega Platform Cross-Site Scripting Vulnerability (CNVD-2020-63481)
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM (Business Process Management), Case Management, Real Time Decision Making and CRM (Customer Relationship Management). A cross-site scripting vulnerability...
SQL Injection Vulnerability in Human Resource Network Management System of Hunan Qingguo Software Co.
The human resources network management system from Hunan Qingguo Software Co., Ltd. is a web system used mainly in university education management. The product has a SQL injection vulnerability at /rlweb/data/rule.aspx?id=Page; the injection parameter is id. Attackers can use the...
Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution
Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) paymentmethod parameter to core/app/controllers/spree/admin/paymentmethodscontroller.rb; and the (2) promotionaction parameter to...