77 matches found
EUVD-2023-40810
Malicious code in bioql PyPI...
EUVD-2023-31970
Malicious code in bioql PyPI...
EUVD-2023-36630
Malicious code in bioql PyPI...
EUVD-2023-39993
Malicious code in bioql PyPI...
EUVD-2024-22901
Malicious code in bioql PyPI...
EUVD-2022-30238
Malicious code in bioql PyPI...
CVE-2025-43220
This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data...
TencentOS Server 4: python-urllib3 (TSSA-2025:0061)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0061 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Impact The application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...
CVE-2025-48483 FreeScout Stored XSS leads to CSRF
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML...
PT-2025-23234 · Unknown · Tinxy Wifi Lock Controller
Name of the Vulnerable Software and Affected Versions: Tinxy WiFi Lock Controller version v1 RF Description: The issue concerns the storage of sensitive user information, including credentials and mobile phone numbers, in plaintext. Recommendations: For Tinxy WiFi Lock Controller version v1 RF,...
CVE-2025-5281
Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Chromium security severity: Medium...
WordPress Ajax Load More plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ajax Load More plugin, which stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-17499 · Sirv · Sirv
Name of the Vulnerable Software and Affected Versions: Sirv versions through 7.5.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a Stored XSS vulnerability, which means that an attacker can...
PT-2025-17093 · Unknown · Terminal Africa
Name of the Vulnerable Software and Affected Versions: Terminal Africa versions 1.13.17 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. This means that an attacker can...
PT-2025-17040 · Unknown · Beacon Lead Magnets/Lead Capture
Name of the Vulnerable Software and Affected Versions: Beacon Lead Magnets and Lead Capture versions 1.5.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. This means a...
CVE-2025-30450
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access sensitive user data...
CVE-2025-30463
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data...
CVE-2025-24239
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...
CVE-2025-24263
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data...