398 matches found
EUVD-2019-3368
Malware in sbrugna...
PT-2025-41200
Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXpress versions prior to 11.13.3.0
Description: OPEXUS FOIAXpress before version 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. This injected...
EUVD-2023-44098
Malicious code in bioql PyPI...
EUVD-2025-9164
Malicious code in bioql PyPI...
EUVD-2021-6688
Malicious code in bioql PyPI...
EUVD-2024-3128
Malicious code in bioql PyPI...
EUVD-2025-5366
Malicious code in bioql PyPI...
EUVD-2022-33624
Malicious code in bioql PyPI...
EUVD-2024-48564
Malicious code in bioql PyPI...
EUVD-2024-48691
Malicious code in bioql PyPI...
EUVD-2024-43345
Malicious code in bioql PyPI...
EUVD-2022-1115
Malicious code in bioql PyPI...
EUVD-2025-0027
Malicious code in bioql PyPI...
CVE-2025-57665
Element Plus Link component el-link through 2.10.6 performs insufficient input validation on the href attribute, so URL-based attack vectors are not blocked at the component boundary. The component passes user-controlled href values directly to the underlying anchor element without protocol...
CVE-2025-58353 Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as replace(/javascript:/gi, ''). Because the package uses multi-character tokens and each replacement ...
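As an added example (not Promptcraft Forge Studio's code; the sanitizer patterns, payloads and the placeholder base URL are constructed for illustration), the following JavaScript shows why a single-pass regex blacklist built from fixed multi-character tokens falls to overlapping patterns, and contrasts it with an allowlist on the parsed URL scheme. The allowlist half also covers the missing protocol check described for el-link above: the decision is made on what the browser's URL parser will see, not on the raw string.

```javascript
'use strict';

// Hypothetical blacklist sanitizer in the style the advisory describes: fixed
// multi-character tokens, each removed by a single pass of String.prototype.replace.
function blacklistSanitize(value) {
  return value
    .replace(/javascript:/gi, '')
    .replace(/<script/gi, '')
    .replace(/onload=/gi, '');
}

// Constructed overlapping-pattern payloads: deleting one occurrence of a token
// splices the characters on either side into a fresh copy of that token.
const OVERLAP_PAYLOADS = {
  href: 'javajavascript:script:alert(1)',    // -> 'javascript:alert(1)'
  tag:  '<scr<scriptipt>alert(1)</script>',  // -> '<script>alert(1)</script>'
  attr: 'ononload=load=alert(1)',            // -> 'onload=alert(1)'
};

// Re-running until nothing changes closes the overlap trick for the listed
// tokens, but it still only blocks what the list names (vbscript:, data:
// URLs, other event handlers, ...). Shown to make the point that the fix is
// an allowlist, not a longer blacklist.
function blacklistSanitizeToFixedPoint(value) {
  let prev;
  do {
    prev = value;
    value = blacklistSanitize(value);
  } while (value !== prev);
  return value;
}

// Allowlist on the scheme the browser will actually use. The WHATWG URL parser
// lowercases the scheme and strips leading whitespace and embedded tab/newline
// characters, so 'JaVaScRiPt:' and 'java\tscript:' both parse as javascript:.
// Relative URLs resolve against a placeholder base (an assumption for this
// example) and therefore report https:. Anything off the allowlist yields
// null, and the caller drops the attribute instead of "cleaning" the value.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

function safeHref(value) {
  let parsed;
  try {
    parsed = new URL(String(value), 'https://placeholder.invalid/');
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? String(value) : null;
}
```

Apply safeHref to the value that will actually be set on the DOM (for example the string bound to an href property by a template framework). If the string is instead spliced into raw HTML markup, entity-decode it first, since a browser decodes `&#58;` before URL-parsing the attribute. Protocol-relative values such as `//host/path` pass the scheme check; restricting hosts is a separate decision.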
CVE-2011-10027 AOL Desktop 9.6 RTX Stack-Based Buffer Overflow
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to...
CVE-2011-10027
CVE-2011-10027 affects AOL Desktop 9.6. The vulnerability is a stack-based buffer overflow in the Tool\rich.rct component while parsing .rtx files, triggered by embedding an overly long string in a hyperlink tag and caused by unsafe strcpy usage. This can allow remote code execution when a user o...
CVE-2025-42975
SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...
svg-sanitizer Bypasses Attribute Sanitization
Problem: The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.php#L454-L481 only matches lower-case attribute names (e.g. xlink:href), so a mixed-case spelling such as xlink:HrEf is never examined and bypasses the isHrefSafeValue check. As a result this allows cross-site scripting...
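An added example, written in JavaScript and not taken from svg-sanitizer (which is PHP), of the class of bug described above: an attribute check that compares names as written misses xlink:HrEf, while folding the name to lower case before the comparison catches it. The start-tag tokenizer, the isHrefSafeValue variant and the sample tags are constructed for this example.

```javascript
'use strict';

// Minimal tokenizer for a single start tag (hypothetical; handles only
// name="value" pairs, which is all the constructed inputs below use).
function parseStartTag(tag) {
  const m = /^<([A-Za-z][\w:-]*)((?:\s+[^\s=\/>]+\s*=\s*"[^"]*")*)\s*\/?>$/.exec(tag);
  if (!m) throw new Error('unsupported tag syntax: ' + tag);
  const attrs = [];
  const re = /([^\s=\/>]+)\s*=\s*"([^"]*)"/g;
  let a;
  while ((a = re.exec(m[2])) !== null) attrs.push({ name: a[1], value: a[2] });
  return { tagName: m[1], attrs };
}

// Value check in the spirit of an isHrefSafeValue: fragments, relative paths
// and http(s) targets only. Parsing lets the browser's normalization decide
// the scheme rather than a prefix comparison on the raw string.
const SAFE_SCHEMES = new Set(['http:', 'https:']);
function isHrefSafeValue(value) {
  if (value.startsWith('#')) return true;
  try {
    return SAFE_SCHEMES.has(new URL(value, 'https://placeholder.invalid/').protocol);
  } catch {
    return false;
  }
}

const HREF_ATTRS = ['href', 'xlink:href'];

// Buggy variant: the attribute name is compared as written, so 'xlink:HrEf'
// is never treated as an href and its javascript: value survives.
function sanitizeAttrsCaseSensitive(attrs) {
  return attrs.filter(({ name, value }) =>
    !HREF_ATTRS.includes(name) || isHrefSafeValue(value));
}

// Fixed variant: fold the name to lower case first. This mirrors what the HTML
// parser does when such an SVG is inlined into an HTML document: attribute
// names are lower-cased and 'xlink:href' is then adjusted into the XLink
// namespace, so the mixed-case spelling is a working link for the browser.
function sanitizeAttrsCaseInsensitive(attrs) {
  return attrs.filter(({ name, value }) =>
    !HREF_ATTRS.includes(name.toLowerCase()) || isHrefSafeValue(value));
}

// Helper used to compare the two variants: href values that remain after
// sanitizing the given tag.
function survivingHrefValues(sanitize, tag) {
  return sanitize(parseStartTag(tag).attrs)
    .filter(a => HREF_ATTRS.includes(a.name.toLowerCase()))
    .map(a => a.value);
}

// Constructed inputs.
const BYPASS_TAG = '<a xlink:HrEf="javascript:alert(1)">';
const PLAIN_TAG = '<a xlink:href="javascript:alert(1)">';
const BENIGN_TAG = '<use xlink:href="#icon-check">';
```

Case folding is the minimum fix; the stronger posture is an attribute allowlist that drops every name not on the list after folding, so an unexpected spelling never reaches the element at all. Note that an XML DOM treats xlink:HrEf and xlink:href as distinct attributes, which is exactly why a sanitizer built on one can pass a value the HTML parser will later honour.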
curl: Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c
Summary: The href_extractor.c example in the curl repository https://github.com/curl/curl/blob/master/docs/examples/href_extractor.c references an external HTML parser library hosted at https://github.com/arjunc77/htmlstreamparser. The referenced GitHub username arjunc77 or repository...