701 matches found
CVE-2025-13873
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
EUVD-2025-200215
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-51745
CVE-2025-51745 affects jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks due to the deserialization flaw in that endpoint. The CVSS metrics indicate a high-severity, network-exposed chain with no user interaction and total impact on confidential...
CVE-2025-41087 Cross-Site Scripting (XSS) stored in Taclia's web application
Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...
EUVD-2025-198264
phppgadmin vulnerable to Cross-site Scripting...
CVE-2024-44641
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php...
PHPGurukul Online Shopping Portal 安全漏洞
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the product parameter of search-result.php. An attacker can exploit this vulnerability to execute...
CVE-2025-34237
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
EUVD-2025-37353
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...
EUVD-2024-28045
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended...
📄 LEPTON 7.4.0 Remote Code Execution
LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature...
CVE-2025-12202
A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been...
CVE-2025-59269 BIG-IP Configuration utility XSS vulnerability
A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-59978 Junos Space: Stored cross-site scripting vulnerability in web application
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's...
EUVD-2020-3112
Malware in sbrugna...
EUVD-2007-1184
Malware in sbrugna...
EUVD-2007-1174
Malware in sbrugna...
EUVD-2021-15162
Malware in sbrugna...
EUVD-2019-8164
Malware in sbrugna...
EUVD-2007-1179
Malware in sbrugna...