220 matches found
CVE-2026-50040 Cross-site Scripting in StoneFly Storage Concentrator
Storage Concentrator SC & SCVM is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser...
CVE-2026-34831
Rack: The vulnerability CVE-2026-34831 affects Rack::Files#fail, which uses String#size to set Content-Length instead of String#bytesize. When responses include multibyte UTF-8, Content-Length may be too small, causing HTTP framing issues and potential response desynchronization. The issue can be...
CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...
EUVD-2002-2225
Malware in sbrugna...
EUVD-2021-21468
Malware in sbrugna...
EUVD-2005-3423
Malware in sbrugna...
EUVD-2008-2419
Malware in sbrugna...
EUVD-2019-0440
Malware in sbrugna...
EUVD-2008-2164
Malware in sbrugna...
EUVD-2002-0725
Malware in sbrugna...
EUVD-2015-3319
Malware in sbrugna...
EUVD-2014-3166
Malware in sbrugna...
EUVD-2018-4242
Malware in sbrugna...
EUVD-2021-1140
Malware in sbrugna...
EUVD-2004-1351
Malware in sbrugna...
EUVD-2023-51641
Malicious code in bioql PyPI...
EUVD-2023-37441
Malicious code in bioql PyPI...
EUVD-2023-43774
Malicious code in bioql PyPI...
Webrecorder packages are vulnerable to XSS through 404 error handling logic
A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly embedded into an inline block without sanitization or escaping. This allows an attacker to craft ...
CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic
wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...