PT-2026-27623

Name of the Vulnerable Software and Affected Versions Authelia versions 4.39.15 Description Authelia is an open-source authentication and authorization server. An attacker may potentially be able to inject javascript into the Authelia login page if specific conditions are met, including...

CVE-2026-27009 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute...

CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

PT-2025-52428

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVE-2025-0276

CVE-2025-0276 affects HCL BigFix Modern Client Management (MCM)

EUVD-2007-3317

Malware in sbrugna...

EUVD-2015-6410

Malware in sbrugna...

EUVD-2001-0679

Malware in sbrugna...

EUVD-2007-1472

Malware in sbrugna...

EUVD-2003-1092

Malware in sbrugna...

EUVD-2011-1032

Malware in sbrugna...

EUVD-2002-1164

Malware in sbrugna...

EUVD-2022-4608

Malicious code in bioql PyPI...

CVE-2002-2413

WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name...

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

BIT-PHP-MIN-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVE-2022-43711

Interactive Forms IAF in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks XSS because the CSP header uses eval in the script-src...

PT-2023-14299 · Gx · Xperiencentral

Name of the Vulnerable Software and Affected Versions: GX Software XperienCentral versions 10.29.1 through 10.33.0 Description: The issue allows for cross site scripting attacks XSS due to the Content Security Policy CSP header using eval in the script-src, which is associated with Interactive...