CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...
EUVD-2016-6691
Malware in sbrugna...
EUVD-2019-10281
Malware in sbrugna...
EUVD-2015-5636
Malware in sbrugna...
EUVD-2020-20243
Malware in sbrugna...
EUVD-2021-21691
Malware in sbrugna...
EUVD-2018-20630
Malware in sbrugna...
EUVD-2021-14650
Malware in sbrugna...
EUVD-2021-8787
Malicious code in bioql PyPI...
EUVD-2023-30372
Malicious code in bioql PyPI...
EUVD-2021-7008
Malicious code in bioql PyPI...
EUVD-2022-37406
Malicious code in bioql PyPI...
EUVD-2025-8625
Malicious code in bioql PyPI...
EUVD-2023-41387
Malicious code in bioql PyPI...
EUVD-2023-27426
Malicious code in bioql PyPI...
Information Disclosure
Directus is vulnerable to information exposure. The vulnerability is due to logging all incoming request details, including sensitive data like access and refresh tokens when using WebHook triggers in Flows, which allows an attacker with log access to hijack user sessions within the token...
CVE-2025-53886 Directus doesn't redact tokens in Flow logs
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data like access and refresh tokens in...
CVE-2025-49130
Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including...
GHSA-J226-63J7-QRQH Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Impact: The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...
CVE-2023-24529
Due to lack of proper input validation, BSP application CRMBSPFRAME - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a...