27 matches found
CVE-2024-1490 Wago: Vulnerability in WBM through Open VPN
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
PT-2026-31605
Name of the Vulnerable Software and Affected Versions: WAGO PLC (affected versions not specified). Description: An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are...
RPi-Jukebox-RFID 2.8.0 Cross Site Scripting
RPi-Jukebox-RFID version 2.8.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link:...
EUVD-2025-206715
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspber...
CVE-2026-24784
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...
RockyLinux 10 : valkey (RLSA-2025:19675)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19675 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as ...
EUVD-2010-1181
Malware in sbrugna...
EUVD-2024-50876
Malicious code in bioql PyPI...
CVE-2025-10370 MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting
A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...
CVE-2025-10370
CVE-2025-10370 affects MiczFlor RPi-Jukebox-RFID up to version 2.8.0. A stored XSS exists in the /htdocs/userScripts.php page via manipulation of the Custom script argument, enabling remote exploitation with arbitrary JavaScript payloads. Public PoCs/exploits are available (e.g., Exploit-DB, Pack...
EulerOS 2.0 SP10 : git (EulerOS-SA-2025-1512)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
RPi-Jukebox-RFID Security Vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the German individual developer Micz Flor. It plays audio files, playlists, podcasts, web streams and Spotify, triggered by an RFID card. A security vulnerability exists in MiczFlor RPi-Jukebox-RFID version 2.5.0 and earlier, whi...
CVE-2022-1356
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...
Privilege escalation
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...
CVE-2022-1356 Cambium Networks cnMaestro use of Potentially Dangerous Function
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands...
DEBIAN-CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
DEBIAN-CVE-2019-12471
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
Fedora 25 : qt5-qtwebengine (2017-ae1fde5fb8)
This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199,...