6 matches found
CVE-2026-1002
The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using a specifically crafted request URI. The issue comes from an improper implementation of rule C of section 5.2.4 of RFC 3986 and is fixed in Vert.x Core component used b...
CVE-2020-10429
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload...
ImageMagick Studio ImageMagick Server-Side Request Forgery Vulnerability
ImageMagick is a set of open source image processing software from ImageMagick Studio in the United States. A server-side request forgery vulnerability exists in the HTTP and FTP encoders of ImageMagick, which allows remote attackers to construct malicious URIs, trick users into parsin...
Drupal Form API Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. Drupal suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and target user contexts to perform malicious actions...
Cisco TelePresence MCU 4500 Device Cross-Site Request Forgery Vulnerability
The Cisco TelePresence MCU 4500 is a multimedia conferencing bridge product. A cross-site request forgery vulnerability exists in the Cisco TelePresence MCU 4500 device, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in...
Drupal Navigate module cross-site scripting vulnerability
Drupal is an open source content management platform. A cross-site scripting vulnerability exists in the Drupal Navigate module, which allows remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain...