28 matches found
EUVD-2017-11363
Malware in sbrugna...
EUVD-2020-25926
Malware in sbrugna...
EUVD-2004-1557
Malware in sbrugna...
EUVD-2015-7281
Malware in sbrugna...
EUVD-2006-0052
Malware in sbrugna...
EUVD-2025-12204
Malicious code in bioql PyPI...
EUVD-2022-29670
Malicious code in bioql PyPI...
EUVD-2025-5986
Malicious code in bioql PyPI...
CVE-2025-8071 Mine CloudVod <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter
Mine CloudVod plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘audio’ parameter in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-7644
The Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in all widgets in all versions up to, and including, 1.6.7 due to insufficient input...
CVE-2025-53891
The CVE-2025-53891 entry affects the TIME LINE website (repository: timelineofficial/Time-Line-) where uploaded files (instruction/media) are not strictly validated for type/size. The root cause is insufficient validation, allowing renamed or oversized files that can cause malicious file uploads,...
CVE-2023-38327
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
CVE-2025-49185
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...
CVE-2025-49192
CVE-2025-49192 is a clickjacking vulnerability affecting SICK Field Analytics and SICK Media Server, where the web UI can be embedded in a frame to mislead users and potentially expose confidential data or enable control gains. The issue is described across multiple sources (SICK PSIRT and relate...
PT-2025-25318
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to clickjacking attacks, where it can be embedded into another frame. This allows an attacker to deceive a user into clicking on something different from wha...
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...
CVE-2025-27532
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to access secret information via multiple crafted HTTP requests...
CVE-2024-31845
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is...
CVE-2025-24966
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...