31 matches found
AlmaLinux 10 : perl-XML-Parser (ALSA-2026:7680)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7680 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and...
RHSA-2026:7680 Red Hat Security Advisory: perl-XML-Parser security update
Bulletin has no description...
Oracle Linux 10 : perl-XML-Parser (ELSA-2026-7680)
The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7680 advisory. 2.47-6.1.0.1 - Add perlLWP Requires 2.47-6.1 - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding description block directly from...
CVE-2026-4451
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2020-7680
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...
EUVD-2021-0585
Malware in sbrugna...
MAL-2025-7680 Malicious code in @crabas0npm2/nobis-ullam-fugiat (npm)
The package @crabas0npm2/nobis-ullam-fugiat was found to contain malicious code...
CVE-2024-7680
creationtimestamp | type | source
---|---|---
2024-08-12 15:56:11+00:00 | seen | https://t.me/cvedetector/2830...
CVE-2024-7680
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /incedit.php?id=4. The manipulation of the argument id/inccat/desc/date/amount leads to sql injection. It is possible to initiate the attack...
CVE-2024-7680 itsourcecode Tailoring Management System incedit.php sql injection
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /incedit.php?id=4. The manipulation of the argument id/inccat/desc/date/amount leads to sql injection. It is possible to initiate the attack...
CVE-2024-7680
CVE-2024-7680 affects itsourcecode Tailoring Management System 1.0. The vulnerability is a SQL injection in the PHP page /incedit.php, triggered by manipulating the arguments id/inccat/desc/date/amount on the /incedit.php?id=4 endpoint. The issue is exploitable remotely and exploitation public di...
docsify-cli (>=0.1.0 <=1.3.0) potentially affected by CVE-2020-7680 via docsify (=0.0.5)
docsify NPM version =0.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on docsify and may be impacted: - docsify-cli >=0.1.0, <=1.3.0. Source cves: CVE-2020-7680. Source advisory: OSV:GHSA-QPQH-46QJ-VWCW...
Cross-Site Scripting (XSS)
Overview In docsify before version 4.12.0 it is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: - When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in...
GHSA-2MM9-C2FX-C7M4 Docsify XSS Vulnerability
This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1. When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking plac...
docsify 4.11.6 Cross Site Scripting Vulnerability
docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680. docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability...
CVE-2020-7680
creationtimestamp | type | source
---|---|---
2021-02-19 20:51:32+00:00 | seen | https://t.me/cibsecurity/23878...
Docsify.js 4.11.4 - Reflective Cross-Site Scripting
Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Date: 2020-06-22 Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE : CVE-2020-7680 docsify.js uses fragment identifie...
Docsify 4.11.4 - Reflective Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE :...
CVE-2020-7680
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render...