6 matches found
EUVD-2025-13267
Malicious code in bioql PyPI...
CVE-2025-36558
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558
KUNBUS Revolution Pi PiCtory (versions 2.11.1 and earlier) is affected by multiple XSS and auth-related CVEs. The core issue is insufficient input sanitization of the sso_token in PiCtory, enabling reflected XSS via the token and stored XSS via crafted filenames; separate authentication bypass vi...