1179 matches found
GO-2026-4524 Mattermost fails to sanitize sensitive data in WebSocket messages in github.com/mattermost/mattermost-server
Mattermost fails to sanitize sensitive data in WebSocket messages in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fro...
Allocation of Resources Without Limits or Throttling
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods. An attacker can cause excessive memory allocation and application unavailability by supplying...
EUVD-2025-206981
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...
CVE-2023-4757
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...
CVE-2021-41917
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and...
CVE-2020-7109
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template...
UBUNTU-CVE-2026-22028
Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...
CVE-2026-22028 Preact has JSON VNode Injection issue
Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...
PT-2025-52495
Name of the Vulnerable Software and Affected Versions Orejime versions prior to 2.3.2 Description Orejime, a consent manager focusing on accessibility, had a flaw where malicious code could be executed on HTML elements it handled. This occurred because the software, prior to version 2.3.2, would...
GHSA-G6QX-WQ5W-WR8V Mattermost Desktop App exposes sensitive information in its application logs
Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs. A fix is available for...
PT-2025-47299
Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...
PT-2025-44778
Name of the Vulnerable Software and Affected Versions Car-Booking-System-PHP version 1.0 Description Car-Booking-System-PHP version 1.0 is susceptible to SQL Injection in the /carlux/sign-in.php file. The vulnerability exists due to insufficient input validation when processing user-supplied data...
SecureLearn - an Attack-Agnostic Defense for Multiclass Machine Learning against Data Poisoning Attacks
Data poisoning attacks are a potential threat to machine learning ML models, aiming to manipulate training datasets to disrupt their performance. Existing defenses are mostly designed to mitigate specific poisoning attacks or are aligned with particular ML algorithms. Furthermore, most defenses a...
EUVD-2021-25854
Malware in sbrugna...
EUVD-2019-0900
Malware in sbrugna...
EUVD-2021-11883
Malware in sbrugna...
EUVD-2020-28695
Malware in sbrugna...
EUVD-2021-11978
Malware in sbrugna...
EUVD-2018-10339
Malware in sbrugna...
EUVD-2020-27946
Malware in sbrugna...