CVE-2025-62523
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523
PLOS (PILOS) before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
EUVD-2025-35829
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the...
CVE-2025-58971
CVE-2025-58971 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Doctreat theme, affected versions
E-commerce Security Vulnerability
E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce version 1.0, which stems from the /search parameter not clearing the input to be reflected directly back to the response HTML, which could lead to a cross-site...
CVE-2025-61456
The CVE-2025-61456 entry documents a reflected XSS in Bhabishya-123 E-commerce 1.0, specifically in the index endpoint. Unescaped input from the /index parameter is echoed into the HTML response, enabling arbitrary JavaScript execution in a user’s browser via a crafted link or request. Affected p...
CVE-2025-61454
CVE-2025-61454 is an XSS vulnerability in the /search endpoint of Bhabishya-123 E-commerce 1.0. Unescaped input in the search parameter is directly reflected into the HTML response, allowing an attacker to execute arbitrary JavaScript in a user’s browser when a malicious link or crafted request i...
CVE-2025-53092
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-31994
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS), where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...
Navigating the Dual-Use Nature and Security Implications of Reconfigurable Intelligent Surfaces in Next-Generation Wireless Systems
Reconfigurable intelligent surface (RIS) technology offers significant promise in enhancing wireless communication systems, but its dual-use potential also introduces substantial security risks. This survey explores the security implications of RIS in next-generation wireless networks. We first...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview: @astrojs/node is an adapter to deploy your site to a Node.js server. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the X-Forwarded-Host header when using the Astro.url property without validation. An attacker c...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the X-Forwarded-Host header when using the...
Astro's `X-Forwarded-Host` is reflected without validation
Summary: When running Astro in on-demand rendering mode using an adapter such as the node adapter, it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property, as there is no validation that the value is safe. Details: Astro reflects th...
EUVD-2016-1070
Malware in sbrugna...
EUVD-2014-5109
Malware in sbrugna...
EUVD-2006-0622
Malware in sbrugna...
EUVD-2005-2771
Malware in sbrugna...
EUVD-2019-7445
Malware in sbrugna...
EUVD-2006-0624
Malware in sbrugna...