Arbitrary Code Injection
Overview mindsql is a Text-2-SQL made easy in just a few lines of python. Affected versions of this package are vulnerable to Arbitrary Code Injection via the askdb function in mindsqlcore.py file. An attacker can execute arbitrary code by sending crafted input to the affected process. Remediatio...
CVE-2026-27236
Adobe Experience Manager (AEM) 6.5.x is affected by a stored XSS in form fields due to insufficient input sanitization/output encoding. The vulnerability enables a low-privilege attacker to inject JavaScript that executes in a victim’s browser when visiting pages containing the vulnerable field. ...
EUVD-2025-206386
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...
CVE-2025-64503
cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...
EUVD-2025-34940
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting' or XSS) vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS. This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...
EUVD-2018-1031
Malware in sbrugna...
EUVD-2025-28766
Malicious code in bioql PyPI...
CVE-2025-58631
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM issuem allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0...
Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the Author role and above to perform Stored Cross-Site Scripting attacks - Create a new Pricing Table...
AZL-32314 CVE-2023-26159 affecting package reaper for versions less than 3.1.1-8
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...
PT-2023-3289 · Ashlar Vellum · Ashlar-Vellum Cobalt
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: The issue is related to a buffer overflow in memory, allowing an attacker to execute arbitrary code. This can be exploited by remote attackers, requiring user interaction such ...
CVE-2021-43657
A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS): an input token that is not a UTF-8 bytestring triggers a CHECK fail in tf.rawops.PyFunc. Details Denial of Service (DoS) describes a family of attacks, all aimed at making a system...
Input validation
Insert HTML / JS code inside an input. How to get to the vulnerable input: Workers > worker nickname. Inject the code in this input...
CVE-2022-36778 Synel - eHarmony Stored XSS
Insert HTML / JS code inside an input. How to get to the vulnerable input: Workers > worker nickname. Inject the code in this input...
CVE-2022-34768 Synel - eHarmony Stored XSS
Insert HTML / JS code inside an input. How to get to the vulnerable input: Workers > worker nickname. Inject the code in this input...
PT-2022-22318 · Synel +1 · Eharmony +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to inject HTML or JavaScript code into a vulnerable input field. To reach the vulnerable input, an attacker would navigate to Workers worker nickname, and...
Stored XSS in "Name", "Group Name" & "Title"
Description The application allows the img tag and src attribute in the "Name", "Title" and "Group Name" fields, for which attackers can perform stored cross-site scripting. Proof of Concept 1. Login to the application and go to profile. 2. Now in the "Name" input field paste the below payload and click on "SAVE...
PT-2021-23389 · Faust +1 · Faust +1
Name of the Vulnerable Software and Affected Versions: Faust version 2.23.1 Description: The issue arises when an input file contains specific lines, including "// r visualisation tCst", "//process = +: L: abM-^Q;", and "process = route3333333333333333333,2,1,2,3,1 : ;", leading to stack...