Open Redirect

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Open Redirect via the help link generation process...

CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34094

CVE-2026-34094 affects Wikimedia Foundation MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2. The issue is in the Page/Article.Php path where a Customized help link for a page protection indicator is relative to the subpage name because the link target is missing the "/wiki/" prefix. This describes ...

ROS-20260420-73-0037

Vulnerability in mediawiki due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260319-73-0013

Vulnerability in glpi due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

CVE-2023-54317 dm flakey: don't corrupt the zero page

In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function blkdevissuezeropages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio...

CVE-2023-54317 dm flakey: don't corrupt the zero page

In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function blkdevissuezeropages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio...

EUVD-2021-17088

Malware in sbrugna...

The vulnerability of the OpenSearch software package lies in its lack of measures to protect the structure of web pages, allowing attackers to execute arbitrary code.

The vulnerability of the OpenSearch software package is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...

UBUNTU-CVE-2022-49992

In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swpoffsetpfn to fetch PFN from swap entry" added a check in swpoffsetpfn for swap type 1: kernel BUG at...

CVE-2022-49992 mm/mprotect: only reference swap pfn page if type match

In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swpoffsetpfn to fetch PFN from swap entry" added a check in swpoffsetpfn for swap type 1: kernel BUG at...

PT-2025-28937 · Ип Кривочуров Дмитрий Анатольевич · Экспорт/Импорт Товаров В Excel

Уязвимость плагина «Экспорт/Импорт товаров в Excel» существует из-за непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести атаку межсайтового скриптинга XSS...

PT-2025-28936 · Ип Кривочуров Дмитрий Анатольевич · Экспорт В Excel. Выгрузка Каталога Товаров 1С-Битрикс. Создание Прайс-Листа

Уязвимость плагина «Экспорт в Excel» существует из-за непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести атаку межсайтового скриптинга XSS...

PT-2025-28934 · Ип Кривочуров Дмитрий Анатольевич · Импорт Из Xml

Уязвимость плагина «Импорт из XML, и YML» существует из-за непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести атаку межсайтового скриптинга XSS...

CVE-2022-20238

'remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID:...

CVE-2022-20239

remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID:...

The vulnerability of the ColdFusion software platform, which arises due to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the ColdFusion software platform exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

PT-2025-10120 · Esri · Arcgis Server

Name of the Vulnerable Software and Affected Versions: ArcGIS Server affected versions not specified Description: The issue is related to the lack of protection for the web page structure in ArcGIS Server. This could allow a remote attacker to conduct cross-site scripting attacks. Recommendations...