105 matches found
CVE-2026-1985
The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs for 3D model blocks, allowing javascript:...
BIT-GITEA-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...
Gitea vulnerable to Cross-site Scripting
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
EUVD-2025-205421
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
Cross-site Scripting (XSS)
Overview: io.jenkins.plugins:coverage collects reports of code coverage or mutation coverage tools and visualizes the results. It has support for the following report formats: JaCoCo, Cobertura, and PIT. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter
Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerabilit...
EUVD-2006-0110
Malware in sbrugna...
EUVD-2024-53128
Malicious code in bioql PyPI...
EUVD-2024-53126
Malicious code in bioql PyPI...
EUVD-2025-19934
Malicious code in bioql PyPI...
EUVD-2022-26403
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to...
RHEL 8 : thunderbird (RHSA-2025:13650)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:13650 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to...