CVE-2026-34831

Rack: The vulnerability CVE-2026-34831 affects Rack::Files#fail, which uses String#size to set Content-Length instead of String#bytesize. When responses include multibyte UTF-8, Content-Length may be too small, causing HTTP framing issues and potential response desynchronization. The issue can be...

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

EUVD-2018-4242

Malware in sbrugna...

EUVD-2005-3423

Malware in sbrugna...

EUVD-2008-2164

Malware in sbrugna...

EUVD-2002-0725

Malware in sbrugna...

EUVD-2021-21468

Malware in sbrugna...

EUVD-2002-2225

Malware in sbrugna...

EUVD-2014-3166

Malware in sbrugna...

EUVD-2004-1351

Malware in sbrugna...

EUVD-2019-0440

Malware in sbrugna...

EUVD-2021-1140

Malware in sbrugna...

EUVD-2015-3319

Malware in sbrugna...

EUVD-2008-2419

Malware in sbrugna...

EUVD-2023-43774

Malicious code in bioql PyPI...

EUVD-2023-51641

Malicious code in bioql PyPI...

EUVD-2023-37441

Malicious code in bioql PyPI...

Webrecorder packages are vulnerable to XSS through 404 error handling logic

A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly embedded into an inline block without sanitization or escaping. This allows an attacker to craft ...

CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

PT-2025-36954

Name of the Vulnerable Software and Affected Versions: wabac.js versions 2.23.10 and below Description: wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic. The requestURL parameter,...