14 matches found

ATTACKERKB
added 2026/05/12 7:43 p.m. | 5 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

CVSS 5.3 | AI score 5.4 | EPSS 0.00012
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/04/25 11:39 a.m. | 2 views

CVE-2026-41305

A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting (XSS) by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML sequences. This oversight enables the injected...

CVSS 6.1 | AI score 5.3 | EPSS 0.00011
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/20 5:25 p.m. | 3 views

oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

A Stored Cross-Site Scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specification, such as info.description, they can break out of the JSON context and execute arbitrary JavaScript when a user views the...

CVSS 8.2 | AI score 6.1 | EPSS 0.00018
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-0552

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00268
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-33938

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.4 | EPSS 0.0014
Exploits: 0 | References: 1
Cvelist
added 2021/12/09 3:55 p.m. | 17 views

CVE-2021-4038 NSM vulnerable to XSS

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed an XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in a...

CVSS 4.8 | AI score 4.7 | EPSS 0.0014
Exploits: 0 | References: 1
BDU FSTEC
added 2019/10/09 12:0 a.m. | 2 views

The vulnerability of the Content Security Policy component in the Firefox browser allows attackers to execute cross-site scripting attacks.

The vulnerability of the Content Security Policy component in the Firefox browser arises from the possibility of embedding HTML code. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 7.8 | AI score 5.2 | EPSS 0.00574
Exploits: 0 | References: 5 | Affected Software: 3
Prion
added 2018/07/03 9:29 p.m. | 12 views

Design/Logic Flaw

The public node module versions <= 1.0.3 allows embedding HTML in file names, which in certain conditions might lead to execution of malicious JavaScript...

CVSS 4.3 | AI score 6.3 | EPSS 0.00268
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2018/07/03 9:0 p.m. | 43 views

CVE-2018-3747

CVE-2018-3747 concerns the public Node.js module (versions

CVSS 6.1 | AI score 6.2 | EPSS 0.00268
Exploits: 1 | References: 1 | Affected Software: 1
Kitploit
added 2017/11/24 8:36 p.m. | 19 views

EmbedInHTML - Embed and hide any file in an HTML file

This tool takes a file (any type of file), encrypts it, and embeds it into an HTML file as a resource, along with an automatic download routine simulating a user clicking on the embedded resource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...

AI score 7.1
Exploits: 0 | References: 5
exploitpack
added 2010/03/04 12:0 a.m. | 18 views

Orb 2.0.01.0049 2.54.0018 - DirectShow Denial of Service

Orb 2.0.01.0049 2.54.0018 - DirectShow Denial of Service When Orb is first installed it registers several Direct Show filters with the system. When registered these filters are then called whenever a file which has a dependency on such a required filter is accessed. By specially crafting specific...

AI score 0.3
Exploits: 0
seebug.org
added 2009/11/30 12:0 a.m. | 62 views

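PHP tempname() Function safe_mode Security Restriction Bypass Vulnerability

BUGTRAQ ID: 36555 CVE ID: CVE-2009-3557 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded into HTML. An error in PHP's tempnam may allow safemode restrictions to be bypassed. The following is the vulnerable code segment in ext/standard/file.c: PHPFUNCTIONtempnam char dir, prefix; int dirlen, prefixlen; sizet plen; char openedpath; char p; int fd; if zendparseparametersZENDNUMARGS TSRMLSCC, "ss"...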

CVSS 5 | AI score 5.1 | EPSS 0.035
Exploits: 2
seebug.org
added 2007/11/14 12:0 a.m. | 46 views

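Multiple Security Vulnerabilities in PHP Versions Prior to 5.2.5

BUGTRAQ ID: 26403 CVECAN ID: CVE-2007-4887 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded into HTML. Multiple security vulnerabilities exist in PHP versions prior to 5.2.5, including: (1) the htmlentities and htmlspecialchars functions do not accept some multibyte sequences; (2) multiple buffer overflows exist in the fnmatch, setlocale and glob functions; (3) an error in the handling of .htaccess files may allow the mail.forceextraparameters php.ini directive to be modified via an .htaccess file, bypassing the disablefunctions directive; (4)...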

CVSS 4.3 | AI score 6.4 | EPSS 0.01789
Exploits: 1
Exploit DB
added 2004/11/25 12:0 a.m. | 21 views

Sun Java Applet 1.x - Invocation Version Specification

source: https://www.securityfocus.com/bid/11757/info Java provides support for dynamic and static versioning when loading applets in the Java plug-in. This means that during the invocation of an applet, a user can request that a particular version of a plug-in be used to run the applet. The featu...

AI score 7
Exploits: 0