Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

CVE-2016-15054

CVE-2016-15054 is rejected/not used and does not represent an active vulnerability entry.

EUVD-2024-23010

Malicious code in bioql PyPI...

EUVD-2022-1905

Malicious code in bioql PyPI...

EUVD-2023-52323

Malicious code in bioql PyPI...

EUVD-2024-34982

Malicious code in bioql PyPI...

EUVD-2025-14805

Malicious code in bioql PyPI...

EUVD-2022-45436

Malicious code in bioql PyPI...

EUVD-2021-31267

Malicious code in bioql PyPI...

EUVD-2023-52672

Malicious code in bioql PyPI...

EUVD-2023-52653

Malicious code in bioql PyPI...

EUVD-2023-52494

Malicious code in bioql PyPI...

EUVD-2025-18040

Malicious code in bioql PyPI...

EUVD-2024-36479

Malicious code in bioql PyPI...

CVE-2025-46891

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46942

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-47063

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-47041 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46864

CVE-2025-46864 affects Adobe Experience Manager, version 6.5.22 and earlier, due to a stored XSS vulnerability in vulnerable form fields. A low-privilege attacker can inject malicious scripts, with victims executing them when visiting the affected page; user interaction is required and the impact...

CVE-2025-41364 Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF

Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...