OpenCTI Code Injection Vulnerability
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. A code injection vulnerability exists in versions prior to OpenCTI 6.5.2, which originates from a user-editable webhook that executes JavaScript code, potentially leading to a denial-of-service attack...
CVE-2024-13914
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 file-manager-advanced-shortcode and 2.5.6 advanced-file-manager-pro-premium, via the 'filemanageradvanced' shortcode. This makes it possible for authenticated...
[SECURITY] [DSA 5921-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5921-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 16, 2025 https://www.debian.org/security/faq -...
CVE-2025-40632
Cross-site scripting (XSS) in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-40631 HTTP host header injection vulnerability in IceWarp Mail Server
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
!IMPORTANT This repository is designed for learning about vu...
IceWarp Mail Server Security Vulnerability
IceWarp Mail Server is a mail server product from the Czech company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. A security vulnerability exists in IceWarp Mail Server version 11.4.0, which originates from HTTP host header injection and cou...
CVE-2025-4123
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
PT-2025-21264 · WordPress · Advanced-File-Manager-Pro-Premium +1
Name of the Vulnerable Software and Affected Versions: File Manager Advanced Shortcode WordPress plugin versions up to, and including, 2.5.4; advanced-file-manager-pro-premium versions up to, and including, 2.5.6. Description: The issue allows authenticated attackers with Administrator-level access...
CVE-2024-45516
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session,...
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
CVE-2025-3909 JavaScript Execution via Spoofed PDF Attachment and file:/// Link
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
CVE-2025-3909
Thunderbird (email client) is affected by CVE-2025-3909 via the X-Mozilla-External-Attachment-URL header. An attacker could craft a nested message/rfc822 attachment with content type application/pdf, causing Thunderbird to render it as HTML and execute JavaScript in the file:/// context after aut...
CVE-2025-3597
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...
Mozilla Thunderbird Security Vulnerability
Mozilla Thunderbird is an e-mail client from the United States Mozilla Foundation that is independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A cross-site scripting vulnerability exists in Mozilla Thunderbird, which stems from...
CVE-2024-45516
Summary of CVE-2024-45516 (Zimbra Classic UI XSS) Affects Zimbra Collaboration (ZCS) versions: 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. The vulnerability arises from insufficient sanitization of HTML content in the Classic UI, specifically ma...
PT-2025-21163 · Netgate · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to the 2.8.0 beta release; corresponding Netgate pfSense Plus builds prior to the 2.8.0 beta release. Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...