160 matches found
CVE-2026-47953
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
EUVD-2020-31243
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...
CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2025-59903
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
CVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...
CVE-2022-26555
A stored cross-site scripting XSS vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
CVE-2020-23041
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the path parameter of the list and download exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...
CVE-2020-23481
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field...
CVE-2022-27308
A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...
CVE-2024-2137
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets e.g. Pricing Single, Pricing Icon, Pricing Tab in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thi...
EUVD-2020-11604
Malware in sbrugna...
EUVD-2020-4309
Malware in sbrugna...
EUVD-2020-23568
Malware in sbrugna...
EUVD-2020-11195
Malware in sbrugna...
EUVD-2020-18511
Malware in sbrugna...
EUVD-2020-16362
Malware in sbrugna...
EUVD-2020-13382
Malware in sbrugna...
EUVD-2020-21341
Malware in sbrugna...
EUVD-2021-22001
Malware in sbrugna...