126 matches found
CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...
CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...
CVE-2025-62320
CVE-2025-62320 describes an HTML Injection vulnerability affecting the HCL Unica Platform. The issue arises when a web application does not properly validate or sanitize user input before rendering it on pages, enabling an attacker to inject HTML. When a browser loads the affected page, it may au...
vito 安全漏洞
VitoDeploy is an open-source web application for server management and PHP application deployment. Versions of Vito before 3.20.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks during the workflow site creation process. This could allow a...
CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
EUVD-2020-21361
Malware in sbrugna...
EUVD-2018-1343
Malware in sbrugna...
EUVD-2022-5496
Malicious code in bioql PyPI...
EUVD-2025-27249
Malicious code in bioql PyPI...
EUVD-2025-23407
Malicious code in bioql PyPI...
CVE-2025-61589
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...
CVE-2025-61589 Cursor: Potential Information Leakage via Mermaid Diagram
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...
CVE-2025-61589
CVE-2025-61589 affects Cursor: in versions 1.6 and earlier, Mermaid diagram rendering can embed images that are rendered in the chat box, enabling an attacker to exfiltrate sensitive information to a third‑party server via an image fetch after a prompt injection. The issue requires malicious inpu...
PT-2025-36729
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager® affected versions not specified Description: A server-side request forgery issue exists in Rockwell Automation ThinManager® software due to insufficient input sanitization. Authenticated attackers can exploit...
CVE-2025-54132
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-54132
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-8283
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...
Red Hat Enterprise Linux 安全漏洞
Red Hat Enterprise Linux is a Linux operating system for business users from the American company Red Hat. A security vulnerability exists in Red Hat Enterprise Linux that stems from a DNS search domain removal that could cause connections to be forwarded to an unexpected external server...
CVE-2025-27095 JumpServer has a Kubernetes Token Leak Vulnerability
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...