14 matches found
EUVD-2019-6034
Malware in sbrugna...
EUVD-2020-28699
Malware in sbrugna...
EUVD-2025-20088
Malicious code in bioql PyPI...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-51493
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...
CVE-2024-10481 Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perform arbitrary API requests on behalf of the user. This can be exploited to perform actions such as...
CVE-2025-1776
CVE-2025-1776 concerns Soteshop before version 8.3.4, where the query parameter in /app-google-custom-search/searchResults is vulnerable to Cross-Site Scripting (XSS). The underlying issue allows an attacker to execute arbitrary code, potentially stealing sensitive data such as session cookies or...
CVE-2025-0423
Cordaware bestinformed Web is affected by CVE-2025-0423 due to improper sanitization of user input, enabling unauthenticated stored cross-site scripting. The vulnerability allows an attacker to inject JavaScript into user sessions and potentially abuse user privileges on the application. The affe...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "name" parameter on the "Port Settings" page, allowing an attacker to inject arbitrary JavaScript, which executes when the page is accessed, potentially compromising user...
CVE-2024-51497
LibreNMS is affected by a Stored XSS in the Custom OID tab, where an authenticated user can inject JavaScript via the unit parameter when creating a new OID. The vulnerability is due to improper sanitization in librenms/includes/html/print-customoid.php and is associated with the stored XSS paylo...
GHSA-7663-37RG-C377 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings...
Refresh Token Exposure
@workos-inc/authkit-nextjs is vulnerable to Refresh Token Exposure. The vulnerability is due to improper handling of sensitive data, where refresh tokens are logged to the console if the debug flag, which is disabled by default, is enabled. This allows an attacker with access to the logs to steal...
CVE-2024-6895 Insecure Account Profile Management
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...
CVE-2001-1505
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets...