5207 matches found
EUVD-2022-2161
Malicious code in bioql PyPI...
EUVD-2024-49792
Malicious code in bioql PyPI...
EUVD-2022-33416
Malicious code in bioql PyPI...
EUVD-2022-28796
Malicious code in bioql PyPI...
EUVD-2022-45849
Malicious code in bioql PyPI...
EUVD-2024-20105
Malicious code in bioql PyPI...
EUVD-2023-57348
Malicious code in bioql PyPI...
CVE-2025-8720
CVE-2025-8720 (Plugin README Parser) affects WordPress Plugin README Parser versions up to and including 1.3.15. The root cause is insufficient input sanitization and output escaping for the target parameter, enabling a Stored Cross-Site Scripting (XSS) attack. Exploitation requires authenticated...
Malicious code in web-scripts-application (npm)
The package web-scripts-application was found to contain malicious code...
MAL-2025-38974 Malicious code in web-scripts-application (npm)
The package web-scripts-application was found to contain malicious code...
PT-2025-32622 · WordPress · Simple Responsive Slider
Name of the Vulnerable Software and Affected Versions: Simple Responsive Slider versions prior to 2.0. Description: The Simple Responsive Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2025-8295
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-51629
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter...
PT-2025-32293 · Unknown · Agenzia Impresa Eccobook
Name of the Vulnerable Software and Affected Versions: Agenzia Impresa Eccobook version 2.81.1. Description: A cross-site scripting (XSS) vulnerability exists in the PdfViewer component. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Temp...
CVE-2025-7727
The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-51534
A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...
CVE-2025-26065
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...
PT-2025-32097 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions prior to 28.1.4. Description: The Betheme theme for WordPress is susceptible to Stored Cross-Site Scripting through an Elementor display setting. Insufficient input sanitization and output escaping allows...
PT-2025-31915 · WordPress · Employee Directory
Name of the Vulnerable Software and Affected Versions: Employee Directory plugin for WordPress versions up to and including 4.5.1. Description: The Employee Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the noaccessmsg parameter due to insufficient input...