43 matches found
PT-2026-3236
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2009-4707
Cross-site scripting (XSS) vulnerability in the Gobernalia Front End News Submitter (gbfenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4346
Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fertenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
EUVD-2009-4672
Malware in sbrugna...
EUVD-2009-4314
Malware in sbrugna...
EUVD-2009-1808
Malware in sbrugna...
EUVD-2022-6608
Malicious code in bioql (PyPI)...
Exploit for CVE-2012-0053
This repository is an offensive tool for web application exploitation, specifically for cross-site scripting (XSS) attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable we...
MAL-2025-191910 Malicious code in treeherder-submitter (PyPI)
Source: kam193 (62f372bfa72908a63c289d80e0133c9e6a34732dc8e051ba7be3be89ecc01383). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CVE-2023-0691
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mflastname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary...
CVE-2023-0689
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mffirstname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...
CVE-2022-31194
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...
GO-2023-1633 Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad
Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad...
GHSA-94CC-XJXR-PWVF DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...
org.apache.submarine:submarine-submitter-k8s (>=0.8.0 <=0.8.0-RC0), org.apache.submarine:submarine-test-k8s (>=0.6.0 <=0.8.0-RC0) potentially affected by CVE-2024-36263 via org.apache.submarine:submarine-server-core (>=0.6.0 <=0.8.0)
org.apache.submarine:submarine-server-core MAVEN version =0.6.0, =0.8.0, =0.6.0, =0.8.0-RC0 Source cves: CVE-2024-36263 Source advisory: OSV:GHSA-V74C-QC46-9GG9...
org.apache.submarine:submarine-submitter-k8s (>=0.8.0 <=0.8.0-RC0), org.apache.submarine:submarine-test-k8s (>=0.6.0 <=0.8.0-RC0) potentially affected by CVE-2024-36265 via org.apache.submarine:submarine-server-core (>=0.6.0 <=0.8.0)
org.apache.submarine:submarine-server-core MAVEN version =0.6.0, =0.8.0, =0.6.0, =0.8.0-RC0 Source cves: CVE-2024-36265 Source advisory: OSV:GHSA-6Q97-8V3G-RPXW...