46 matches found
EUVD-2020-27993
Malware in sbrugna...
EUVD-2013-6285
Malware in sbrugna...
EUVD-2017-0106
Malware in sbrugna...
EUVD-2023-3098
Malicious code in bioql PyPI...
EUVD-2022-0988
Malicious code in bioql PyPI...
EUVD-2022-6355
Malicious code in bioql PyPI...
EUVD-2025-10303
Malicious code in bioql PyPI...
EUVD-2022-6358
Malicious code in bioql PyPI...
EUVD-2022-1252
Malicious code in bioql PyPI...
CVE-2024-47067
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...
CVE-2022-34792
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...
Informatica: [███] Cross-Site Scripting (XSS) via /ssl-vpn/getconfig.esp at GlobalProtect VPN Portal
A Cross-Site Scripting (XSS) vulnerability was discovered in the GlobalProtect VPN portal's getconfig.esp endpoint. The vulnerability existed because the application reflected user input from the user parameter in an XML response without proper sanitization. This allowed an attacker to inject SVG...
CVE-2025-32406
An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers to fetch and parse the XML response...
SUSE CVE-2024-47067
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...
CVE-2024-47067
CVE-2024-47067 affects AList, a file list program with multiple storages. The endpoint /i/:link_name reflects user input in an application/xml response, introducing a reflected XSS vulnerability via HTML/XHTML tags. The issue is fixed in version 3.29.0.
Next.js Remote Patterns Server-Side Request Forgery
Next.js framework embeds an image optimization component which is enabled by default and allows dynamic resizing when requested. This feature leverages the 'next.config.js' configuration file to ensure that the target host being requested is allowed. When misconfigured, a remote and unauthenticat...