EUVD-2020-31243

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2025-59903

Stored Cross-Site Scripting XSS vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

CVE-2022-26555

A stored cross-site scripting XSS vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box...

CVE-2022-35569

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...

CVE-2020-23041

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the path parameter of the list and download exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...

CVE-2020-23481

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field...

CVE-2022-27308

A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...

CVE-2024-2137

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets e.g. Pricing Single, Pricing Icon, Pricing Tab in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thi...

EUVD-2020-4309

Malware in sbrugna...

EUVD-2020-11604

Malware in sbrugna...

EUVD-2021-22001

Malware in sbrugna...

EUVD-2020-23568

Malware in sbrugna...

EUVD-2020-18511

Malware in sbrugna...

EUVD-2020-16362

Malware in sbrugna...

EUVD-2020-21341

Malware in sbrugna...

EUVD-2020-13382

Malware in sbrugna...

EUVD-2005-1340

Malware in sbrugna...

EUVD-2020-11195

Malware in sbrugna...