44 matches found

Snyk
added 2026/04/10 7:40 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the function parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of a backend user's session by...

CVSS 4.1 · AI score 5.8
Exploits: 0 · References: 2
CNVD
added 2026/03/19 12:00 a.m. · 4 views

Open5GS Denial of Service Vulnerability (CNVD-2026-14249)

Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A denial of service vulnerability exists in Open5GS version 2.7.6 and earlier. The vulnerability stems from the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of t...

CVSS 7.5 · AI score 5.9 · EPSS 0.001
Exploits: 1 · References: 1
CNNVD
added 2026/03/16 12:00 a.m. · 2 views

Open5GS Security Vulnerability

Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A denial of service vulnerability exists in Open5GS version 2.7.6 and earlier. The vulnerability stems from the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of t...

CVSS 7.5 · AI score 6 · EPSS 0.001
Exploits: 1 · References: 8
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2014-4826

Malware in sbrugna...

CVSS 4.3 · AI score 6.1 · EPSS 0.00431
Exploits: 1 · References: 10
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2015-2793

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00548
Exploits: 1 · References: 10
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-0270

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.12575
Exploits: 0 · References: 10
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2025-1728

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00091
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-34248

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00287
Exploits: 0 · References: 1
CNNVD
added 2025/09/23 12:00 a.m. · 1 views

WSO2 Identity Server Security Vulnerability

WSO2 Identity Server (IS) is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server (IS) that stems from improper handling of error messages and could lead to malicious content injection and social engineering attacks...

CVSS 4.3 · AI score 6.7 · EPSS 0.0005
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/27 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...

CVSS 8.1 · AI score 8 · EPSS 0.00338
Exploits: 0 · References: 2
Snyk
added 2025/07/07 8:42 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Overview tab error message handling process. An attacker can execute arbitrary JavaScript code in the context of the affected user's browser by injecting malicious payloads into error messages that are...

CVSS 8.4 · AI score 5.4 · EPSS 0.00073
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 7:28 p.m. · 6 views

CVE-2021-26722

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...

CVSS 6.1 · AI score 5.8 · EPSS 0.29912
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 4:08 a.m. · 9 views

CVE-2012-1792

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...

CVSS 2.6 · AI score 5.8 · EPSS 0.00225
Exploits: 1 · References: 1
Cvelist
added 2025/02/11 10:27 a.m. · 7 views

CVE-2025-0513

In affected versions of Octopus Server, error messages were handled unsafely on the error page. If an adversary could control any part of the error message, they could embed code which may impact the user viewing the error message...

CVSS 1.8 · EPSS 0.00091
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/11 12:00 a.m. · 1 views

PT-2025-6190 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue arises from the unsafe handling of error messages on the error page in affected versions of Octopus Server. If an adversary can control any part of the error message, they...

CVSS 5.4 · AI score 6.3 · EPSS 0.00091
Exploits: 0 · References: 6
Veracode
added 2025/01/28 6:02 a.m. · 2 views

Reflected Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of error messages, which allows execution of a malicious payload included in a URL when the website is set to the "dev" environment mode...

AI score 6.5
Exploits: 0
Veracode
added 2024/12/19 7:38 a.m. · 7 views

Information Disclosure

apachesuperset is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages, exposing sensitive analytics metadata, which allows an attacker to gain access to this information, potentially aiding in further attacks or revealing system details...

CVSS 5.3 · AI score 6.7 · EPSS 0.00172
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2024/11/14 12:00 a.m. · 1 views

PostgreSQL Security Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from...

CVSS 3.7 · AI score 6.7 · EPSS 0.00345
Exploits: 0 · References: 2
Veracode
added 2024/10/29 8:17 a.m. · 7 views

HTML Injection

org.openrefine, openrefine is vulnerable to HTML injection. The vulnerability is due to improper handling of error messages, which fails to escape HTML tags in exception messages and tracebacks, allowing an attacker to inject malicious HTML when a specific error is triggered...

CVSS 6.1 · AI score 6.7 · EPSS 0.00199
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2024/06/05 12:00 a.m. · 9 views

Cesanta MJS mjs_array_length function denial of service vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland, designed for microcontrollers with limited resources. The main design goals were a small footprint and simple C/C++ interoperability. A denial of service vulnerability exists in the Cesanta MJS mjs_array_length function,...

CVSS 5.5 · AI score 6.7 · EPSS 0.00935
Exploits: 1 · References: 1