Lucene search

17 matches found

RedhatCVE
added 2026/03/26 3:16 p.m. | 0 views

CVE-2026-31917

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10...

CVSS 8.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 1
NVD
added 2026/03/13 7:54 p.m. | 4 views

CVE-2026-31917

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10...

CVSS 8.5 | EPSS 0.00016
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/13 11:41 a.m. | 1 views

CVE-2026-31917 WordPress WP ERP plugin <= 1.16.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10...

CVSS 8.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25146

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 4.6 | EPSS 0.00059
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-28780

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.5 | EPSS 0.00062
Exploits: 0 | References: 19
OSV
added 2025/08/18 12:30 a.m. | 3 views

GHSA-XFP8-X3J6-H67V ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting (XSS) issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

CVSS 5.1 | AI score 4.3 | EPSS 0.00018
Exploits: 0 | References: 7
OSV
added 2025/08/18 12:30 a.m. | 2 views

GHSA-Q4RG-7CJJ-5R86 ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting (XSS) issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

CVSS 5.1 | AI score 4.2 | EPSS 0.00059
Exploits: 0 | References: 7
GitHub Security Blog
added 2025/08/18 12:30 a.m. | 5 views

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js

A cross-site scripting (XSS) issue exists in ExpressGateway ≤ 1.16.10 in lib/rest/routes/apps.js. User-controlled data returned by the REST endpoint is not sanitized before being rendered by the admin/UI layer, allowing an authenticated, low-privileged actor to store or reflect a payload that...

CVSS 5.1 | AI score 4.3 | EPSS 0.00018
Exploits: 0 | References: 7 | Affected Software: 1
GitHub Security Blog
added 2025/08/18 12:30 a.m. | 4 views

ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js

A cross-site scripting (XSS) issue exists in ExpressGateway up to 1.16.10 in the REST endpoint implemented in lib/rest/routes/users.js. User-controlled input is reflected into the HTTP response without proper sanitization, allowing arbitrary JavaScript execution in the browser of a logged-in user w...

CVSS 5.1 | AI score 4.2 | EPSS 0.00059
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2025/08/18 12:15 a.m. | 4 views

CVE-2025-9096

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.1 | EPSS 0.00018
Exploits: 0 | References: 5
CVE
added 2025/08/17 11:32 p.m. | 18 views

CVE-2025-9096

ExpressGateway (express-gateway) up to version 1.16.10 is affected by a Cross-Site Scripting (XSS) vulnerability in the REST Endpoint code, specifically lib/rest/routes/apps.js. The issue arises from an unknown function used in that component, enabling a remote attacker to inject and execute scri...

CVSS 5.1 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 5
Cvelist
added 2025/08/17 11:32 p.m. | 9 views

CVE-2025-9096 ExpressGateway express-gateway REST Endpoint apps.js cross site scripting

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.1 | EPSS 0.00018
Exploits: 0 | References: 5
NVD
added 2025/08/17 11:15 p.m. | 2 views

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.1 | EPSS 0.00059
Exploits: 0 | References: 5
Vulnrichment
added 2025/08/17 11:2 p.m. | 2 views

CVE-2025-9095 ExpressGateway express-gateway REST Endpoint users.js cross site scripting

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.1 | AI score 6.1 | EPSS 0.00059
Exploits: 0 | References: 5
CVE
added 2025/08/17 11:2 p.m. | 16 views

CVE-2025-9095

Summary: CVE-2025-9095 affects ExpressGateway up to 1.16.10. The issue resides in the REST Endpoint component, specifically the library file lib/rest/routes/users.js, where user-controlled input can cause cross-site scripting. The vulnerability can be triggered remotely and has publicly disclosed...

CVSS 5.1 | AI score 3.6 | EPSS 0.00059
Exploits: 0 | References: 5
Patchstack
added 2025/03/25 9:38 p.m. | 5 views

WordPress Total Upkeep plugin <= 1.16.10 - Authenticated (Admin+) Command Injection vulnerability

Authenticated (Admin+) Command Injection vulnerability discovered by sterva in WordPress Plugin Total Upkeep versions <= 1.16.10...

CVSS 7.2 | AI score 7.3 | EPSS 0.01487
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2022/01/13 8:54 p.m. | 0 views

Uncaught Exception

Overview: std/archive/zip is a Go standard library package std/archive/zip. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: via the Open function in the archive/zip package when processing zip files containing entries with names composed solely of...

CVSS 8.7 | AI score 6.8 | EPSS 0.00062
Exploits: 0 | References: 3