6720 matches found
📄 MaNGOSWeb 4.0.6 Host Header Injection / XML Injection
MaNGOSWeb version 4.0.6 host header proof of concept exploit that a code injection vulnerability. It shows that it can be leveraged for more than cross site scripting and can be used to perform XML external entity injection leading to a file write that can assist in remote code execution...
CVE-2026-24614
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
UBUNTU-CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-24614
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...
CVE-2026-24579
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through = 1.1.9...
CVE-2026-24614
CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...
CVE-2026-24614 WordPress Flex QR Code Generator plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...
CVE-2026-24579 WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through = 1.1.9...
CVE-2026-24579
CVE-2026-24579 is a missing/ broken authorization vulnerability in the WordPress plugin Ai Image Alt Text Generator for WP (versions up to and including 1.1.9). Public sources in the Connected documents describe this as an access-control flaw that allows exploitation due to misconfigured access l...
CVE-2026-24579 WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through = 1.1.9...
WordPress Plugin: Ai Image Alt Text Generator for WP Security Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Flex QR Code Generator has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
nullsec-exploit
💀 NullSec Exploit Advanced Exploit Development & Payload...
Malicious code in blocks-builder-manifest-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30f5efa34a1c44d974502110177cb7a60daf579349ed25937e66e342f7f7c24f The package blocks-builder-manifest-generator was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-3769
Malicious code in blocks-builder-manifest-generator npm...