355 matches found
EUVD-2008-4129
Malware in sbrugna...
EUVD-2025-3198
Malicious code in bioql PyPI...
EUVD-2023-49395
Malicious code in bioql PyPI...
EUVD-2025-24771
Malicious code in bioql PyPI...
EUVD-2023-55172
Malicious code in bioql PyPI...
EUVD-2023-32423
Malicious code in bioql PyPI...
EUVD-2024-29920
Malicious code in bioql PyPI...
EUVD-2023-42295
Malicious code in bioql PyPI...
CVE-2025-61668 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
CVE-2025-54541
QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...
CVE-2025-54541 Cross-Site Request Forgery in QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...
CVE-2025-46856
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-46856
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-47054 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-46856
Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a DOM-based XSS vulnerability. The issue allows a low-privileged attacker to manipulate the DOM to execute malicious JavaScript in a victim’s browser, with exploitation requiring user interaction (victim visits a crafted p...
CVE-2025-46856 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-54172 Stored Cross-Site Scripting in QuickCMS
QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into th...
CVE-2025-49065
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through = 1.0...
CVE-2025-49557
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...
CVE-2025-49065
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through = 1.0...