Lucene search

10 matches found

RedhatCVE (added 2025/10/24 12:40 a.m., 9 views)

CVE-2025-61132

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME...

CVSS 7.1 · AI score 7.3 · EPSS 0.00196
Exploits 0 · References 1
CVE (added 2025/04/17 3:47 p.m., 40 views)

CVE-2025-27337

CVE-2025-27337 is a WordPress Fontsampler plugin vulnerability: CSRF-enabled, leading to a reflected Cross-Site Scripting (XSS) in Fontsampler versions up to and including 0.4.14. The issue arises from improper input neutralization during web page generation, enabling an attacker to trigger XSS w...

CVSS 7.1 · AI score 7.2 · EPSS 0.00219
Exploits 0 · References 1
CNNVD (added 2025/04/17 12:00 a.m., 1 view)

WordPress plugin Fontsampler cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site...

CVSS 7.1 · AI score 8.2 · EPSS 0.00219
Exploits 0 · References 1
Positive Technologies (added 2024/07/01 12:00 a.m., 3 views)

PT-2024-28325 · Unknown · Cafebazaar Hod

Name of the Vulnerable Software and Affected Versions: cafebazaar hod version 0.4.14. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the request function...

CVSS 9.8 · AI score 8.2 · EPSS 0.00478
Exploits 0 · References 4
NVD (added 2023/10/16 7:15 p.m., 11 views)

CVE-2023-45683

github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the...

CVSS 7.1 · AI score 6.7 · EPSS 0.00285
Exploits 0 · References 2
Prion (added 2023/10/16 7:15 p.m., 10 views)

Cross site scripting

github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the...

CVSS 5.8 · AI score 6 · EPSS 0.00285
Exploits 0 · References 2 · Affected Software 1
Vulnrichment (added 2023/10/16 6:13 p.m., 13 views)

CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml

github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the...

CVSS 7.1 · AI score 6.2 · EPSS 0.00285
Exploits 0 · References 2
Cvelist (added 2023/10/16 6:13 p.m., 11 views)

CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml

github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the...

CVSS 7.1 · AI score 6.8 · EPSS 0.00285
Exploits 0 · References 2
Positive Technologies (added 2023/10/16 12:00 a.m., 2 views)

PT-2023-29649 · Saml · Saml

Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.14. Description: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the...

CVSS 10 · AI score 6.9 · EPSS 0.04859
Exploits 9 · References 44
Positive Technologies (added 2020/09/23 12:00 a.m., 2 views)

PT-2020-16226 · Peg · Peg-Markdown

Name of the Vulnerable Software and Affected Versions: peg-markdown version 0.4.14. Description: The issue is related to a NULL pointer dereference in the process_raw_blocks function located in markdown_lib.c. This problem only affects products that are no longer supported by the maintainer...

CVSS 7.5 · AI score 6.8 · EPSS 0.00435
Exploits 1 · References 4