Astro SSR - Server-Side Request Forgery
Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...
PT-2026-37309
Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 YetAnotherForum.NET YAF.NET versions prior to 3.2.12 Description Stored Cross-Site Scripting XSS occurs when attacker-controlled input is persisted and later rendered without proper...
Description of the security update for SharePoint Server 2019: April 14, 2026 (KB5002854)
Description of the security update for SharePoint Server 2019: April 14, 2026 KB5002854 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currentl...
PT-2026-31136
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through =...
cross-site-scripting-lab
XSS Lab Documentation Overview What Is Cross-Site Scr...
CVE-2026-25465
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS. This issue affects CP Multi View Event Calendar: from n/a through = 1.4.37...
Description of the security update for SharePoint Server 2019: March 10, 2026 (KB5002845)
Description of the security update for SharePoint Server 2019: March 10, 2026 KB5002845 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currentl...
Masa CMS Security Vulnerability
Masa CMS is a digital experience platform. A security vulnerability exists in Masa CMS versions prior to 7.2.8, prior to 7.3.13, and prior to 7.4.6, which stems from a group restriction bypass when modifying page URLs to include tag declarations, which could lead to unauthorized page rendering...
EUVD-2018-0807
Malware in sbrugna...
[SECURITY] Fedora 42 Update: mupdf-1.26.3-4.fc42
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
EUVD-2025-31276
Malicious code in bioql PyPI...
GHSA-RX7M-68VC-PPXH PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2022-2316
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to trigger a service failure.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by processing or loading specially created web...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to data type conversion errors, allows attackers to influence the confidentiality, integrity, and availability of protected information.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to data type conversion errors. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules, related to resource release errors, allows attackers to trigger a service failure.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to errors during resource release. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to reading data beyond the allowed buffer limits, allows attackers to cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability can allow an attacker to cause a service failure...
DOJO Access Control Error Vulnerability
DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from an Access Control Error vulnerability that stems from a lack of access control when rendering a customized DOJO page, resulting in a user being able to create a stored cross-site scripting XSS vulnerability...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to access to memory cells before the buffer is initialized, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules relates to access to memory cells before the buffer is initialized. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...