📄 Bloomberg Memray Cross Site Scripting

Bloomberg Memray prior to versions 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray’s Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...

UBUNTU-CVE-2026-32722

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...

GHSA-R5PR-887V-M2W9 Stored XSS in Memray-generated HTML reports via unescaped command-line metadata

Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...

web-vulnerability-scanner

web-vulnerability-scanner Pyth...

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-24443 EventSentry < 6.0.1.20 Web Reports Unverified Password Change

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-24443 EventSentry < 6.0.1.20 Web Reports Unverified Password Change

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-24443

EventSentry

NETIKUS EventSentry 安全漏洞

NETIKUS EventSentry is a network monitoring software developed by the American company NETIKUS. Versions of NETIKUS EventSentry prior to 6.0.1.20 contained security vulnerabilities. These vulnerabilities stemmed from the unvalidated password change mechanism in the account management feature of t...

PT-2026-21798

Name of the Vulnerable Software and Affected Versions EventSentry versions prior to 6.0.1.20 Description EventSentry has a flaw where passwords can be changed without verifying the current password through the account management functionality within the Web Reports interface. An attacker gaining...

Exploit for CVE-2025-63420

CVE-2025-63420 CrushFTP11 before 11.3.757 is vulnerable to s...

EUVD-2002-0700

Malware in sbrugna...

EUVD-2002-0701

Malware in sbrugna...

EUVD-2018-13022

Malware in sbrugna...

EUVD-2002-0697

Malware in sbrugna...

EUVD-2023-41416

Malicious code in bioql PyPI...

EUVD-2022-32045

Malicious code in bioql PyPI...