398 matches found

BDU FSTEC
added 2025/03/13 12:0 a.m. | 1 view

The vulnerability in the web interface of the FortiOS operating system and the FortiProxy proxy server, which allows a hacker to gain unauthorized access to protected information.

The vulnerability in the web management interface of the FortiOS operating system and of the FortiProxy proxy server (used for protection against Internet attacks) is related to errors in processing hypertext links. Exploiting this vulnerability can allow a malicious actor to gain unauthorized...

CVSS 4.7 | AI score 5.5 | EPSS 0.00301
Exploits: 0 | References: 3 | Affected Software: 13

OSV
added 2025/03/03 7:53 p.m. | 6 views

GHSA-G839-X3P3-G5FM CodeChecker open redirect when URL contains multiple slashes after the product name

Summary: CodeChecker versions up to 6.24.5 contain an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL's path segment. This results in bypassing protections against CVE-2021-28861, leading to the same open redirect pathway. Detai...

CVSS 6.1 | AI score 7.3 | EPSS 0.00124
Exploits: 0 | References: 3

BDU FSTEC
added 2025/02/28 12:0 a.m. | 4 views

The vulnerability of the LibreOffice office software package, related to errors in processing hyperlinks within documents, allows a perpetrator to execute arbitrary code.

The vulnerability of the LibreOffice office software package is related to errors in processing hyperlinks within documents. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted hyperlink...

CVSS 7.6 | AI score 7.5 | EPSS 0.00198
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2025/02/25 9:16 p.m. | 3 views

CVE-2025-0514

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before 24.8.5...

CVSS 7.8 | AI score 7.3 | EPSS 0.00198
Exploits: 0

Vulnrichment
added 2025/02/25 9:16 p.m. | 8 views

CVE-2025-0514 Executable hyperlink Windows path targets executed unconditionally on activation

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before 24.8.5...

CVSS 7.2 | AI score 6.8 | EPSS 0.00198
Exploits: 0 | References: 1

Cvelist
added 2025/02/25 9:16 p.m. | 8 views

CVE-2025-0514 Executable hyperlink Windows path targets executed unconditionally on activation

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation. This issue affects LibreOffice: from 24.8 before 24.8.5...

CVSS 7.2 | EPSS 0.00198
Exploits: 0 | References: 1

CVE
added 2025/02/25 9:16 p.m. | 65 views

CVE-2025-0514

The CVE-2025-0514 issue in LibreOffice is an improper input validation vulnerability that allows Windows executable hyperlink targets to be executed unconditionally on activation. Affected product: LibreOffice 24.8.x prior to 24.8.5. Underlying cause: improper handling of hyperlink targets within...

CVSS 7.8 | AI score 6.4 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/02/12 3:15 p.m. | 3 views

CVE-2024-12251

In Progress Telerik UI for WinUI versions prior to 2025 Q1 3.0.0, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 7.8 | EPSS 0.00241
Exploits: 0 | References: 1

OSV
added 2025/02/12 3:15 p.m. | 2 views

CVE-2024-12251

In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 3.0.0, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 7.8 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1

ATTACKERKB
added 2025/02/12 3:15 p.m. | 3 views

CVE-2024-12251

In Progress Telerik UI for WinUI versions prior to 2025 Q1 3.0.0, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 7.8 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/02/12 3:9 p.m. | 42 views

CVE-2024-12251

CVE-2024-12251 affects Progress Telerik UI for WinUI prior to 2025 Q1 (3.0.0). The issue is a command injection vulnerability caused by improper neutralization of hyperlink elements. Impact is reported as high (CVSSv3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Public exploit details are not provide...

CVSS 7.8 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/02/12 3:9 p.m. | 5 views

CVE-2024-12251 Improper neutralization special element in hyperlinks

In Progress Telerik UI for WinUI versions prior to 2025 Q1 3.0.0, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 7.8 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1

Cvelist
added 2025/02/12 3:9 p.m. | 9 views

CVE-2024-12251 Improper neutralization special element in hyperlinks

In Progress Telerik UI for WinUI versions prior to 2025 Q1 3.0.0, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 7.8 | EPSS 0.00241
Exploits: 0 | References: 1

Positive Technologies
added 2025/02/12 12:0 a.m. | 3 views

PT-2025-6516

Name of the Vulnerable Software and Affected Versions: Progress Telerik UI for WinUI versions prior to 2025 Q1 3.0.0. Description: A command injection attack is possible through improper neutralization of hyperlink elements. This issue allows for a command injection attack, potentially leading to...

CVSS 7.8 | AI score 5.9 | EPSS 0.00241
Exploits: 0 | References: 8

RedhatCVE
added 2025/02/06 3:21 a.m. | 13 views

CVE-2021-35239

A security researcher found a user with Orion map manage rights could store XSS via a text box hyperlink...

CVSS 7.5 | AI score 6 | EPSS 0.00749
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 11:59 a.m. | 7 views

CVE-2024-7840

In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 7.8 | AI score 7.3 | EPSS 0.00311
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 11:32 a.m. | 15 views

CVE-2024-7575

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a command injection attack is possible through improper neutralization of hyperlink elements...

CVSS 9.8 | AI score 7.3 | EPSS 0.00497
Exploits: 0 | References: 1

Veracode
added 2025/01/10 2:53 a.m. | 7 views

Cross-Site Scripting (XSS)

phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of sanitization of the hyperlink base in the HTML page header within the file Html.php, which allows an attacker to inject malicious scripts into the generated HTML pages...

CVSS 5.4 | AI score 5.8 | EPSS 0.00905
Exploits: 1 | References: 4 | Affected Software: 2

NVD
added 2025/01/03 6:15 p.m. | 12 views

CVE-2024-56411

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...

CVSS 5.4 | EPSS 0.00905
Exploits: 1 | References: 2

Github Security Blog
added 2025/01/03 5:28 p.m. | 15 views

PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header. Product: Phpspreadsheet. Version: version 3.6.0. CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CVSS vector v.3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). CVSS...

CVSS 5.4 | AI score 5.9 | EPSS 0.00905
Exploits: 1 | References: 4 | Affected Software: 2