9 matches found
EUVD-2025-10407
Malicious code in bioql PyPI...
EUVD-2023-27005
Malicious code in bioql PyPI...
CVE-2025-32413
Vulnerability-CVSS: CVE-2025-32413 affects Vulnerability-Lookup prior to 2.7.1, where an unneutralized input in the user bio at website/web/views/user.py allows stored cross-site scripting. Root cause appears to be inadequate input sanitization in the user bio field. Impact is stored XSS that cou...
CVE-2023-38759
CVE-2023-38759 describes a Cross-Site Request Forgery (CSRF) vulnerability in the wger Project, Workout Manager version 2.2.0a3. The issue enables a remote attacker to gain privileges via the user-management features, affecting multiple components/files (e.g., gym.py, reset_user_password.html, ov...
CVE-2023-22903
api/views/user.py in LibrePhotos before e19e539 has incorrect access control...
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the 'Username' parameter of the component 'app/api/cms/user.py'...
lin-cms-flask has an unspecified vulnerability
lin-cms-flask is a content management system framework. lin-cms-flask version 0.1.1 contains a security vulnerability that can be exploited by remote attackers to brute force login via the "login" function in the component "app/api/cms/user.py"...
CVE-2020-18698
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...
Authentication flaw
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...