EUVD-2012-0361
Malware in sbrugna...
EUVD-2017-15018
Malware in sbrugna...
EUVD-2024-1202
Malicious code in bioql PyPI...
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have...
IBM Sterling Control Center Cross-Site Scripting Vulnerability (CNVD-2025-09285)
IBM Sterling Control Center is a centralized monitoring and management system from International Business Machines (IBM). IBM Sterling Control Center suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
CVE-2025-3287 Local Code Execution Vulnerability in Arena®
A local code execution vulnerability exists in Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is the result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the...
Yonyou UFIDA ERP-NC /help/systop.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is Enterprise Resource Planning (ERP) software, used mainly for financial management, supply chain management, production management and customer relationship management in enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability, whi...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-04167)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
CVE-2024-32970
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability (CNVD-2024-49631)
SAP NetWeaver Enterprise Portal is a SAP NetWeaver Web front-end component from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by a...
WordPress ImageMagick Sharpen Resized Images plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin ImageMagic...
IBM UrbanCode Deploy Cross-Site Scripting Vulnerability (CNVD-2024-26496)
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2024-26529)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. Apache Airflow version 2.9.0 suffers from a cross-site scripting vulnerability that...
OneBlog Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...
RPCMS Cross-Site Scripting Vulnerability (CNVD-2024-01190)
RPCMS is a software application, a web CMS system. A cross-site scripting vulnerability exists in RPCMS v3.5.5, which stems from the lack of effective filtering and escaping of user-supplied data in the component /logs/dopost.html, and can be exploited by an attacker to execute arbitrary Web scri...
BoidCMS Cross-Site Scripting Vulnerability
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...
SuiteCRM HTML Injection Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from an HTML injection vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the salesagility/suitecrm tittle, which can be exploited by an attacker to cause HTML...
Adobe ColdFusion Deserialization Vulnerability (CNVD-2024-25608)
Adobe ColdFusion is a rapid application development platform from Adobe (United States). The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...
CVE-2023-29296 [Cloud] Customer suspects IDOR vulnerability
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...