1214 matches found
CVE-2024-25812
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...
PT-2025-52681
Name of the Vulnerable Software and Affected Versions: MyNET versions 26.06 and earlier. Description: An iframe injection issue exists that allows a remote attacker to execute arbitrary code. The issue is related to the src parameter. Recommendations: Versions prior to 26.06 should be updated...
CVE-2025-12885
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes i...
EUVD-2025-204403
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via . Version 1.27.1 patches the issue...
CVE-2025-12885
CVE-2025-12885 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Embed Any Document (Embed PDF, Word, PowerPoint, Excel Files). Affected versions: all up to 2.7.10, per Wordfence; the issue arises from insufficient input sanitization and output escaping in sanitize_pdf_src. E...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in the victim's browser...
Malicious code in polygon-src (npm)
Source: amazon-inspector 2b975bdc3690d0deccba20490d0c56eec9e073ff48c7f949d5c9554489445ff2 The package polygon-src was found to contain malicious code. Source: ghsa-malware f3e7ff8566f8fc6fd21a8bcad4e3d2684026f6e9eb0a5ac2ccff5d46112ac99e An...
Malicious Package
Overview polygon-src is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
EUVD-2025-203352
Malicious code in polygon-src (npm)...
Debian: Security Advisory (DLA-4387-1)
The remote host is missing an update for the Debian...
SUSE CVE-2025-63938
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port function within src/reqs.c...
CVE-2025-63938
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port function within src/reqs.c...
MAL-2025-191461 Malicious code in baidu-src-test3 (npm)
Source: amazon-inspector b41154fc2678ab5be471f8ef4eb2065a74e9310ea81b5d3f3fd8617a1e880d67 The package baidu-src-test3 was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-199553
Malicious code in baidu-src-test3 (npm)...
Malicious code in baidu-src-test3 (npm)
Source: amazon-inspector b41154fc2678ab5be471f8ef4eb2065a74e9310ea81b5d3f3fd8617a1e880d67 The package baidu-src-test3 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-191460 Malicious code in baidu-src-test (npm)
Source: amazon-inspector 7b70672e328a6c37f9f5a2f333c52648043af35a44d4a7c33fce30d4dde10869 The package baidu-src-test was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-199554
Malicious code in baidu-src-test (npm)...
mruby/c code issue vulnerability
mruby/c is an open source C language library from the ITOC mruby/c team. A code issue vulnerability exists in mruby/c version 3.4 and earlier, which stems from improper manipulation of the parameter ptr to function mrbc_raw_realloc in file src/alloc.c, which may result in a null pointer dereference...
CVE-2025-52565
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...