martinkubecka/Attributed-CVEs

Releases0

:dart: List of publicly disclosed application vulnerabilities that I found, reported and were attributed to me.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-56683 ↗	Oct 9, 2025Thursday, 9 October 2025, 15:16	9.6 CRITICAL	—
A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file.
CVE-2021-41434 ↗	Sep 28, 2022Wednesday, 28 September 2022, 17:15	5.4 MEDIUM	—
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
CVE-2021-41433 ↗	Sep 27, 2022Tuesday, 27 September 2022, 23:15	9.8 CRITICAL	—
SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.
CVE-2021-37413 ↗	May 19, 2022Thursday, 19 May 2022, 15:15	9.8 CRITICAL	7.5 HIGH
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.