CVE-2026-28394 OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool
OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...
EUVD-2026-5678
A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL that, if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through...
CVE-2025-40644 Reflected Cross-Site Scripting (XSS) in QRGen's Riftzilla
Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...
EUVD-2025-32121
Malicious code in bioql PyPI...
CVE-2025-59772 Multiple vulnerabilities in AndSoft's e-TMS
Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59762
CVE-2025-59762 is a reflected XSS in AndSoft e-TMS v25.03. The vulnerability stems from insufficient validation of the parameters l, demo, demo2, TNTLOGIN, UO and SuppConn in /clt/LOGINFRM_DLG.ASP, enabling an attacker to inject JavaScript via a malicious URL. Documented across NVD/CVE records an...
PT-2025-32604 · SAP · SAP NetWeaver Application Server ABAP
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: SAP NetWeaver Application Server for ABAP is susceptible to a cross-site scripting issue. An unauthenticated attacker can create a URL containing a malicio...
Improper Validation of Syntactic Correctness of Input
Overview: transformers is state-of-the-art machine learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via improper handling of user-supplied URLs by using the startswith method in imageutils.py. An...
Discourse Security Breach
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email and chat room features. Discourse suffers from a security vulnerability that stems from a carefully crafted malicious URL that degrades availability and leads to a denial o...
PYSEC-2022-248
Streamlit is a data-oriented application development framework for Python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file system such as: server logs, world-readable files, and potentially othe...
CVE-2019-8995
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user...
Zhejiang Dahua Network Hard Disk Recorder DH-NVR2104HS-S1 has logical design loopholes
Zhejiang Dahua Network DVR DH-NVR2104HS-S1 is a network DVR that integrates 4-channel 10/100Mbps switch ports and supports 1080P HD real-time preview, among other features. A logical design vulnerability exists in the Zhejiang Dahua Network DVR DH-NVR2104HS-S1. An attacker can use the vulnerability...