
8 matches found

RedhatCVE
added 2026/01/09 10:0 a.m., 3 views

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...

9.8 CVSS, 7.1 AI score, 0.01201 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:58 a.m., 3 views

CVE-2020-7672

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

8.6 CVSS, 7.1 AI score, 0.00959 EPSS
Exploits 1, References 1
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-1043

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.01201 EPSS
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-1996

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00167 EPSS
Exploits 0, References 5
OSV
added 2025/09/15 7:59 p.m., 2 views

GHSA-3GCM-F6QX-FF7P: Flowise has Remote Code Execution vulnerability

Description. Cause of the Vulnerability: The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...

10 CVSS, 8 AI score, 0.86202 EPSS
Exploits 20, References 10
RedhatCVE
added 2025/05/22 9:29 p.m., 3 views

CVE-2021-3988

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

6.1 CVSS, 6.2 AI score, 0.00238 EPSS
Exploits 1
Cvelist
added 2024/12/23 5:23 p.m., 16 views

CVE-2024-56363: APTRS has SSTI vulnerability

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...

7.8 CVSS, 0.0009 EPSS
Exploits 0, References 2
securityvulns
added 2003/10/16 12:0 a.m., 34 views

ColdFusion SQL Error Pages XSS

NOTE ABOUT COLDFUSION XSS ATTACKS. Vendor: Macromedia. Versions: MX 6.0 tested, older? PROBLEM: When you access to an error page of sql you can insert xss code to be shown in the error output of the sql backend. example: http://target/article.cfm?id=1'scriptalertdocument.cookie;/script...

0.2 AI score
Exploits 0