279 matches found
CVE-2023-50712
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...
SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2025:4424-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4424-1 advisory. Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. - MFSA 2025-94 CVE-2025-14321...
CVE-2025-64338
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - 156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Manage Photos feature vulnerable to Stored XSS. The payload is...
CVE-2025-13872
CVE-2025-13872 affects ObjectPlanet Opinio 7.26 rev12562. The survey-import feature is vulnerable to Blind Server-Side Request Forgery (SSRF), allowing an attacker to force the server to issue HTTP GET requests to an arbitrary destination. Public details in the connected sources confirm the affec...
EUVD-2025-200106
Grav Exposes Password Hashes Leading to privilege escalation...
EUVD-2025-197781
A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has be...
CVE-2025-61763
Vulnerability in Oracle Essbase component: Essbase Web Platform. The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in...
CVE-2025-61763
Vulnerability in Oracle Essbase component: Essbase Web Platform. The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in...
CVE-2025-61763
Vulnerability in Oracle Essbase component: Essbase Web Platform. The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in...
EUVD-2025-35247
Vulnerability in Oracle Essbase component: Essbase Web Platform. The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in...
giSoft City Guide 跨站脚本漏洞
giSoft City Guide is a city guide platform from the Turkish company giSoft. A cross-site scripting vulnerability exists in giSoft City Guide versions prior to 1.4.45, which stems from improper input neutralization during web page generation and could lead to a reflective cross-site scripting atta...
CVE-2025-62424
ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...
EUVD-2018-8231
Malware in sbrugna...
EUVD-2022-2539
Malicious code in bioql PyPI...
EUVD-2023-34989
Malicious code in bioql PyPI...
EUVD-2023-55485
Malicious code in bioql PyPI...
EUVD-2023-3032
Malicious code in bioql PyPI...
EUVD-2024-1596
Malicious code in bioql PyPI...
CVE-2024-6429
A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...
Vaadin 安全漏洞
Vaadin is an open source platform for web application development from Vaadin Open Source.The Vaadin platform consists of a set of web components, a Java web framework, and a set of tools and application launchers. A security vulnerability exists in Vaadin, which stems from an upload validation...