65 matches found
SUSE-SU-2026:21374-1 Security update for erlang
This update for erlang fixes the following issues: Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes bsc1258663. - CVE-2026-23941: improper handling of duplicate Content-Length headers in...
CVE-2026-1454
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...
CVE-2020-24594
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...
EUVD-2018-20783
Malware in sbrugna...
EUVD-2023-48082
Malicious code in bioql PyPI...
EUVD-2022-4485
Malicious code in bioql PyPI...
EUVD-2023-48114
Malicious code in bioql PyPI...
EUVD-2023-1273
Malicious code in bioql PyPI...
EUVD-2024-16399
Malicious code in bioql PyPI...
EUVD-2024-47073
Malicious code in bioql PyPI...
EUVD-2025-3994
Malicious code in bioql PyPI...
CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
PT-2025-30412
Name of the Vulnerable Software and Affected Versions: ETQ Reliance CG legacy platform affected versions not specified Description: A reflected cross-site scripting XSS issue exists within the SQLConverterServlet component. This requires user interaction, such as clicking a crafted link, and may...
Advantech iView Cross-Site Scripting Vulnerability (CNVD-2025-17826)
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...
CVE-2025-53397 Advantech iView Cross-site Scripting
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other...
PT-2025-25430 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 7.4.5 through 16.4.7 XWiki versions 8.2 through 16.10.4 XWiki versions 17.1.0-rc-1 and earlier Description: The issue allows pages to gain script or programming rights when they contain a link and the target of the link is...
CVE-2024-0606
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...
CVE-2024-11363
The Same but Different – Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
CVE-2023-50732
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...
CVE-2025-30366
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently...