320 matches found
EUVD-2024-21327
Malicious code in bioql PyPI...
EUVD-2024-39178
Malicious code in bioql PyPI...
EUVD-2025-3081
Malicious code in bioql PyPI...
EUVD-2023-31750
Malicious code in bioql PyPI...
Cisco IOS XE 安全漏洞
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from insufficient validatio...
PT-2025-38347
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow issue exists in the sh css set black frame function within the atomisp module. The height and width values, sourced from user input, are multiplied, potentially leadi...
CVE-2025-53484
The CVE-2025-53484 affects the MediaWiki SecurePoll extension. Affected versions are 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The root cause is improper escaping of user-controlled inputs in VotePage.php (poll option input) and in ResultPage’s getPagesTab() and getEr...
WordPress Raisely Donation Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Raisely Donation Form, which stems from insufficient cleanup and escaping of user-supplied attribute inputs in the...
CVE-2024-47594
SAP NetWeaver Enterprise Portal KMC does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link,...
CVE-2024-39595
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause lo...
CVE-2023-26158
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...
CVE-2023-37488
In SAP NetWeaver Process Integration - versions SAPXIESR 7.50, SAPXITOOL 7.50, SAPXIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting XSS attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of t...
CVE-2023-33985
SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information...
CVE-2023-47115
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
CVE-2022-24395
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...
CVE-2021-42061
SAP BusinessObjects Business Intelligence Platform Web Intelligence - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify...
CVE-2020-6323
SAP NetWeaver Enterprise Portal Fiori Framework Page versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the...
CVE-2020-6313
SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...
CVE-2020-6276
SAP Business Objects Business Intelligence Platform bipodata, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...
CVE-2020-6229
SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...