PT-2026-21299

Photobooth prior to 1.0.1 has a cross-site scripting XSS vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

EUVD-2025-206391

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

CVE-2022-23321

A persistent cross-site scripting XSS vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of user-supplied input in several fields, including repository descriptions, project names, git commit author names, commit messages, access token names, and webhook URLs. An attacker can inject malicious ANSI...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or the name of flagged content. An attacker can execute arbitrary web...

EUVD-2019-8367

Malware in sbrugna...

EUVD-2018-6451

Malware in sbrugna...

EUVD-2021-12674

Malware in sbrugna...

EUVD-2012-6360

Malware in sbrugna...

EUVD-2005-4632

Malware in sbrugna...

EUVD-2021-1271

Malware in sbrugna...

EUVD-2007-0765

Malware in sbrugna...

EUVD-2021-28586

Malicious code in bioql PyPI...

EUVD-2023-1595

Malicious code in bioql PyPI...

EUVD-2024-25917

Malicious code in bioql PyPI...

CVE-2025-52217

The CVE-2025-52217 vulnerability affects SelectZero Data Observability Platform prior to version 2025.5.2. The issue stems from improper handling of user-supplied input in legacy UI fields, enabling HTML injection. Impact is HTML injection via these UI components; attack vector is user interactio...

CVE-2024-27716

Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields...

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type...

CVE-2020-25375

Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field...