8 matches found

RedhatCVE
added 2025/12/16 8:44 p.m. | 2 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...

CVSS 8.8 | AI score 8.5 | EPSS 0.00856
Exploits: 1 | References: 1

NVD
added 2025/11/12 8:15 a.m. | 3 views

CVE-2025-12872

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

CVSS 5.4 | EPSS 0.00032
Exploits: 0 | References: 2

CNNVD
added 2025/11/12 12:0 a.m. | 1 views

aEnrich a+HRD and aEnrich a+HCM cross-site scripting vulnerability

aEnrich a+HRD and aEnrich a+HCM are both products of Acer China aEnrich. aEnrich a+HRD is a total human resource development solution. aEnrich a+HCM is a human capital management system. A cross-site scripting vulnerability exists in aEnrich a+HRD and aEnrich a+HCM. The vulnerability stems from...

CVSS 5.4 | AI score 6.1 | EPSS 0.00032
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2021-2480

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.0024
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-2187

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.4 | EPSS 0.00206
Exploits: 0 | References: 4

RedhatCVE
added 2025/07/16 12:16 a.m. | 6 views

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...

CVSS 5.6 | AI score 7.4 | EPSS 0.0058
Exploits: 1 | References: 1

CVE
added 2025/05/30 12:26 p.m. | 54 views

CVE-2025-1484

CVE-2025-1484 affects the Hitachi Asset Suite media upload component. If exploited, an attacker can craft a request that causes attacker-supplied JavaScript to execute in the victim’s browser within the application session, impacting confidentiality and integrity. Connected sources (Red Hat, NVD,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00167
Exploits: 0 | References: 1

UbuntuCve
added 2006/06/07 10:2 a.m. | 34 views

CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text bo...

CVSS 4 | AI score 6.1 | EPSS 0.06905
Exploits: 1 | References: 3