39 matches found
EUVD-2020-17969
Malware in sbrugna...
EUVD-2018-7526
Malware in sbrugna...
EUVD-2021-11455
Malware in sbrugna...
EUVD-2017-1787
Malware in sbrugna...
EUVD-2020-23238
Malware in sbrugna...
EUVD-2009-1675
Malware in sbrugna...
EUVD-2022-42526
Malicious code in bioql PyPI...
EUVD-2022-24713
Malicious code in bioql PyPI...
EUVD-2023-26614
Malicious code in bioql PyPI...
EUVD-2022-42711
Malicious code in bioql PyPI...
EUVD-2024-0813
Malicious code in bioql PyPI...
EUVD-2023-45600
Malicious code in bioql PyPI...
CVE-2025-45474
CVE-2025-45474 affects maccms10 v2025.1000.4047, with a Server-Side Request Forgery (SSRF) vulnerability in Email Settings. The connected sources corroborate SSRF as the issue and note limited public remediation: a temporary workaround is to restrict access to Email Settings until a patch is avai...
CVE-2024-1746
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6225
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 and 7.5.1 for the Pro version due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2023-3964
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...
CVE-2022-4393
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4442
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, i...
CVE-2024-8854
The CVE-2024-8854 entry concerns the Polls CP WordPress plugin (versions prior to 1.0.77). The vulnerability arises because the plugin does not sanitize and escape certain poll settings, enabling stored cross-site scripting via admin-level actions, even when unfiltered_html is disallowed (e.g., i...
CVE-2024-10107 Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...