CVE-2026-27854

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

CVE-2021-41142

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and...

CVE-2019-7333

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download download.php because proper filtration is omitted...

EUVD-2019-1731

Malware in sbrugna...

EUVD-2025-15735

Malicious code in bioql PyPI...

EUVD-2024-41067

Malicious code in bioql PyPI...

EUVD-2024-43571

Malicious code in bioql PyPI...

CVE-2025-6353

A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit ha...

PT-2025-26309 · Unknown · Code-Projects School Fees Payment System

Name of the Vulnerable Software and Affected Versions: code-projects School Fees Payment System version 1.0 Description: A problematic vulnerability has been found in the code-projects School Fees Payment System. This issue affects an unknown part of the file /branch.php. The manipulation of the...

CVE-2023-47620

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...

CVE-2020-18724

Authenticated stored cross-site scripting XSS in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list...

pgAdmin < 9.2 Multiple Vulnerabilities

The version of pgAdmin installed on the remote host is prior to 9.2. It is, therefore, affected by the following vulnerabilities: - Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints;...

CVE-2025-2946

CVE-2025-2946 is a Cross‑Site Scripting (XSS) vulnerability in pgAdmin 4 where arbitrary HTML/JavaScript can execute in a user’s browser via query result rendering. Affected version: pgAdmin

Dassault Systèmes ENOVIA Collaborative Industry Innovator 安全漏洞

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an essential toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

CVE-2025-25747

CVE-2025-25747: A Cross Site Scripting vulnerability in DigitalDruid HotelDruid v3.0.7 allows an attacker to execute arbitrary code and disclose sensitive information via the ripristina_backup parameter in crea_backup.php. Root cause details are not provided beyond the parameter abuse; the provid...

CVE-2025-25747

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristinabackup parameter in the creabackup.php endpoint...

PT-2025-5686 · Sensaphone · Sensaphone Web600

Name of the Vulnerable Software and Affected Versions: Sensaphone Web600 affected versions not specified Description: The issue concerns stored cross-site scripting XSS in the system's Setup, Profile, and Zone options. This means that an attacker could potentially inject malicious code into these...

CVE-2024-13033 code-projects Chat System chatroom.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...

CVE-2024-12359 code-projects Admin Dashboard vendor_management.php cross site scripting

A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendormanagement.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploi...

CVE-2023-43878

Rite CMS 3.0 has Multiple Cross-Site scripting XSS vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...