3856 matches found

CVE
added 2025/12/02 6:32 p.m. | 9 views

CVE-2025-66459

CVE-2025-66459 affects Lookyloo prior to version 1.35.3. The vulnerability is an XSS caused by unescaped/error message content that is propagated to innerHTML when a capture fails and the list of URLs includes an HTML element. Multiple connected sources (NVD, Red Hat, CVE list, OSV, CNNVD, etc.) ...

6.1 CVSS | 5.6 AI score | 0.00253 EPSS
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2025/12/02 6:32 p.m. | 3 views

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. Then, t...

5.3 CVSS | 5.6 AI score | 0.00253 EPSS
Exploits 0 | References 4

CNNVD
added 2025/12/02 12:0 a.m. | 3 views

Lookyloo cross-site scripting vulnerability

Lookyloo is a website capture tool from Lookyloo open source. A cross-site scripting vulnerability exists in Lookyloo versions prior to 1.35.3, which stems from an unfiltered URL in an error message and could lead to a cross-site scripting attack...

6.1 CVSS | 6 AI score | 0.00253 EPSS
Exploits 0 | References 5

Positive Technologies
added 2025/12/02 12:0 a.m. | 3 views

PT-2025-48752

Name of the Vulnerable Software and Affected Versions: Lookyloo versions prior to 1.35.3. Description: Lookyloo is a web interface used to capture website pages and display a tree of domains that interact with each other. A cross-site scripting (XSS) issue can occur when a user submits URLs for captur...

6.1 CVSS | 5.3 AI score | 0.00253 EPSS
Exploits 0 | References 7

OSV
added 2025/11/20 8:16 p.m. | 3 views

CVE-2025-52671

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3 CVSS | 6.8 AI score
Exploits 0 | References 1

Positive Technologies
added 2025/11/20 12:0 a.m. | 6 views

PT-2025-47621

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3 CVSS | 6.8 AI score | 0.00295 EPSS
Exploits 1 | References 1

CNNVD
added 2025/11/13 12:0 a.m. | 2 views

Directus security vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...

4.3 CVSS | 6.1 AI score | 0.00244 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/11/13 12:0 a.m. | 4 views

Siemens SIMATIC S7-1500 Generation of Error Message Containing Sensitive Information (CVE-2022-0563)

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the...

5.5 CVSS | 6.3 AI score | 0.0043 EPSS
Exploits 0 | References 4

Snyk
added 2025/11/07 1:41 a.m. | 3 views

Cross-site Scripting (XSS)

Overview @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of error messages on DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...

6.9 CVSS | 5.5 AI score | 0.002 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/30 12:31 a.m. | 2 views

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped...

5.3 CVSS | 6.2 AI score | 0.00405 EPSS
Exploits 0 | References 5

CNNVD
added 2025/10/29 12:0 a.m. | 1 view

Google Go security vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from an error message not escaping attacker-controlled data when ALPN negotiation fails, which could lead to informatio...

5.3 CVSS | 6.1 AI score | 0.00405 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/16 9:31 p.m. | 3 views

EUVD-2025-34831

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...

6.9 CVSS | 6.6 AI score | 0.00954 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/10/16 6:52 p.m. | 3 views

CVE-2025-34254 D-Link Nuclias Connect <= v1.3.1.4 Login Account Enumeration

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...

6.9 CVSS | 6.8 AI score | 0.00954 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2025/10/16 6:52 p.m. | 1 view

CVE-2025-34254

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...

6.9 CVSS | 5.8 AI score | 0.00954 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/10/15 5:44 p.m. | 2 views

CVE-2025-55676

Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally...

5.5 CVSS | 6.4 AI score | 0.00599 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-1905

Malware in sbrugna...

4.3 CVSS | 6.3 AI score | 0.00984 EPSS
Exploits 3 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-2320

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.01369 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2010-2858

Malware in sbrugna...

2.6 CVSS | 6.4 AI score | 0.00812 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-1521

Malware in sbrugna...

5 CVSS | 6 AI score | 0.04968 EPSS
Exploits 0 | References 50

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-12897

Malware in sbrugna...

4.3 CVSS | 4.6 AI score | 0.0161 EPSS
Exploits 0 | References 2