43 matches found
Foxit PDF Editor Security Vulnerability
Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor that stems from improperly sanitized input in the predefined text function, which could lead to stored cross-site scripting...
EUVD-2019-1698
Malware in sbrugna...
EUVD-2019-0741
Malware in sbrugna...
EUVD-2015-5548
Malware in sbrugna...
EUVD-2024-2241
Malicious code in bioql PyPI...
EUVD-2022-24769
Malicious code in bioql PyPI...
EUVD-2021-28347
Malicious code in bioql PyPI...
EUVD-2023-58693
Malicious code in bioql PyPI...
EUVD-2024-2599
Malicious code in bioql PyPI...
EUVD-2025-4971
Malicious code in bioql PyPI...
CVE-2025-6078
Partner Software's Partner Software application and Partner Web application allow an authenticated user to add notes on the 'Notes' page when viewing a job but do not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note...
CVE-2013-10034
CVE-2013-10034 affects Kaseya KServer versions prior to 6.3.0.2. The vulnerability is an unrestricted file upload via the vulnerable uploadImage.asp endpoint, allowing unauthenticated upload of files to arbitrary paths through a crafted filename in a multipart/form-data POST. A file with an .asp ...
CVE-2025-34047
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitization,...
CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitization,...
WordPress plugin YITH WooCommerce Wishlist Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
Ubuntu: Security Advisory (USN-7556-1)
The remote host is missing an update for the...
CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the <iframe srcdoc> attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside <script src>. In order to execute the attack, the attacker needs to control one of the victim's feeds and...
USN-7544-1: Setuptools vulnerability
It was discovered that setuptools did not properly sanitize paths. An attacker could possibly use this issue to write files to arbitrary locations on the filesystem...