ROS-20260524-73-0037

Vulnerability in vim text editor is related to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

EUVD-2018-21880

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the context o...

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the...

CVE-2026-39964

TypeBot (viewer at packages/embeds/js) before version 3.16.0 renders rich-text bubble links without filtering javascript: URIs. A bot author can set a link to javascript:PAYLOAD, which executes in the visitor’s browser context when clicked, allowing the attacker’s code to run with the host page’s...

CVE-2026-39964 TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

CVE-2026-39964 TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

CVE-2021-21508

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

CVE-2021-21508

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

CVE-2021-21508

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

EUVD-2021-8780

Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

CVE-2026-8673

CVE-2026-8673 describes an unprotected transport of credentials in Avantra from syslink software AG on Linux and Windows, allowing sniffing of credentials. The affected line is Avantra before version 25.3.0. Documented impacts emphasize confidentiality and integrity risks, with CVSS v3.1 indicati...

CVE-2026-8673 Password re-initialization mechanism sends passwords in plain text

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0...

CVE-2026-8673 Password re-initialization mechanism sends passwords in plain text

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0...

HSEC-2026-0007 Denial of Service and Memory Exhaustion in aeson and text-iso8601

Denial of Service and Memory Exhaustion in aeson and text-iso8601 Two Denial of Service DoS and memory exhaustion vulnerabilities were identified in the aeson and text-iso8601 packages. These vulnerabilities allow an attacker to exhaust server memory and crash the host process by supplying...

PT-2026-42817

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Description The Typebot viewer renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. This allows a bot author to set a link URL containing a malicious payload that...

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. There were security vulnerabilities in versions of Typebot prior to 3.16.0. These vulnerabilities stemmed from the Typebot viewer’s failure to filter javascript: URI schemes when rendering rich text bubble content, allowing...