Exploit for CVE-2025-63420

CVE-2025-63420 CrushFTP11 before 11.3.757 is vulnerable to s...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CrushFTP 安全漏洞

CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP version 11.3.750, which stems from the Reports/Who Created Folder feature in the Admin Panel not handling input correctly, which could lead to a stored cross-site scripting attack...

EUVD-2014-0241

Malware in sbrugna...

EUVD-2023-31390

Malicious code in bioql PyPI...

EUVD-2023-31389

Malicious code in bioql PyPI...

EUVD-2023-51669

Malicious code in bioql PyPI...

MAL-2025-15155 Malicious code in availab-le-alb-um-zip-17375-who-else-esihf-alrnbv (npm)

The package availab-le-alb-um-zip-17375-who-else-esihf-alrnbv was found to contain malicious code...

Malicious code in availab-le-alb-um-zip-17375-who-else-esihf-alrnbv (npm)

The package availab-le-alb-um-zip-17375-who-else-esihf-alrnbv was found to contain malicious code...

CVE-2024-40096

The com.cascadialabs.who aka Who - Caller ID, Spam Block application 15.0 for Android places sensitive information in the system log...

CVE-2023-47558

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection.This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3...

CVE-2023-46087

Cross-Site Request Forgery CSRF vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin = 1.4.14.3 versions...

CVE-2023-27654

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component...

CVE-2023-27653

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files...

virt-who bug fix and enhancement update

An update is available for virt-who. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.5...

Malicious code in mep-who (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fed998f266588bd60b1cba39d78eaa2ef59bee5fbe16f7ea4f8f04997798f2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1610 Malicious code in mep-who (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fed998f266588bd60b1cba39d78eaa2ef59bee5fbe16f7ea4f8f04997798f2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...