EUVD-2020-17367

Malware in sbrugna...

EUVD-2025-6977

Malicious code in bioql PyPI...

CVE-2024-6986

A Cross-site Scripting XSS vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVE-2024-6986

A Cross-site Scripting XSS vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVE-2024-6986

The CVE-2024-6986 entry concerns parisneo/lollms-webui (v9.8). A Cross-site Scripting (XSS) flaw arises from improper use of the v-html directive, which renders the full_template variable as HTML on the Settings page. An attacker can inject JavaScript by supplying a payload in the System Template...

Discuz! xxe 可破坏数据库结构，导致脏数据进入

简要描述： Discuz! xxe 可破坏数据库结构，导致脏数据进入.......dz太变态了，小引号也过滤了，妹的，没办法只能分析到这里，但是隐约感觉到，这里存在很大的风险，因为改变了系统模板风格，先发个福利，大家自己看吧 详细说明： 首先我们看文件: portalcpdiy.php（lines:301-324）: if submitcheck'importsubmit' $isinner = false; $filename = ''; if$POST'importfilename' $filename =...