27433 matches found
EUVD-2024-28870
Malicious code in bioql PyPI...
EUVD-2023-45681
Malicious code in bioql PyPI...
EUVD-2024-53948
Malicious code in bioql PyPI...
EUVD-2022-6467
Malicious code in bioql PyPI...
CVE-2025-59524 Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation, for example with an intercepting proxy or by...
CVE-2025-43794
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...
CVE-2025-43781
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar portl...
Linux Distros Unpatched Vulnerability : CVE-2018-10095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to...
CVE-2025-43775
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remote...
Linux Distros Unpatched Vulnerability : CVE-2011-3741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error...
Saad Irfan RemoteClinic Security Vulnerability
Saad Irfan RemoteClinic is an open source application from Saad Irfan. Provides the ability to remotely manage your clinic via the web. A security vulnerability exists in Saad Irfan RemoteClinic 2.0 and earlier versions, which stems from an incorrect manipulation of the parameter image in the fil...
IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability
IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...
CVE-2025-48312 WordPress WPAvatar plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 文派翻译(WP Chinese Translation) WPAvatar allows Stored XSS. This issue affects WPAvatar: from n/a through 1.9.3...
CVE-2025-30041
CVE-2025-30041 concerns exposure of session identifiers via three CGI script paths: /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl. The description indicates that these endpoints expose data containing session ID...
Mozilla Focus for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19557)
Mozilla Focus for iOS is a privacy browser from the US-based Mozilla Foundation designed for iOS devices. A cross-site scripting vulnerability exists in versions prior to Mozilla Focus for iOS 142, which can be exploited by an attacker to execute arbitrary web script or HTML via injection of a...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
Dell Unity Cross-Site Scripting Vulnerability (CNVD-2025-18244)
Dell Unity is a set of virtual Unity storage environments from Dell USA. A cross-site scripting vulnerability exists in Dell Unity 5.5 and earlier versions, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to...
The vulnerability in the pppoe.cgi script of Netgear DGN2200B router software allows a hacker to execute arbitrary commands.
The vulnerability of the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to take measures to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...