2156 matches found
WordPress User Messages <= 1.2.4 - Reflected XSS
WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...
CVE-2026-48956
creationtimestamp| type| source ---|---|--- 2026-07-07 20:48:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3i3hz3pq27 2026-07-08 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq5claiknt2n...
ChurchCRM - API Authentication Bypass via URL Injection
ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...
EUVD-2025-210439
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...
CVE-2025-12799
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...
PT-2026-56238
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...
nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...
PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2026-14641
creationtimestamp| type| source ---|---|--- 2026-07-05 00:36:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpudh4j6re2d...
CVE-2026-27779
Gitea up to version 1.25.4 is affected by a vulnerability in forwarded-proto handling when generating public URLs, allowing spoofed canonical URLs via malformed or injected forwarded-proto values. The issue is documented across multiple sources (NVD/NVD CVE entry and Snyk). Affected area: the Git...
CVE-2026-14620
creationtimestamp| type| source ---|---|--- 2026-07-03 17:04:38+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mpqzpoxq4c2i 2026-07-03 22:00:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mprkb56qhi2z...
CVE-2026-59234
creationtimestamp| type| source ---|---|--- 2026-07-03 14:41:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpqrpeabqu2l 2026-07-04 04:11:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mps6yxxuv723...
EUVD-2026-41507
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...
EUVD-2026-41482
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
CVE-2026-9145
creationtimestamp| type| source ---|---|--- 2026-07-02 22:18:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpp2suimi22o 2026-07-03 03:22:36+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpplrucijr2n...
CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl
LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...
CVE-2026-55111
creationtimestamp| type| source ---|---|--- 2026-07-02 18:25:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mponqlwrdj2m 2026-07-03 07:08:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mppyfkkhz32m 2026-07-08 11:01:21+00:00| seen|...
CVE-2026-57766
creationtimestamp| type| source ---|---|--- 2026-07-02 12:25:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnzoc75jf2l 2026-07-02 16:01:25+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpofpsgu4w2b 2026-07-03 03:53:39+00:00| seen|...
CVE-2026-57762
creationtimestamp| type| source ---|---|--- 2026-07-02 11:56:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnxz3twfs2o 2026-07-02 16:02:49+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpofscccbl2m 2026-07-03 00:45:10+00:00| seen|...
CVE-2026-14056
creationtimestamp| type| source ---|---|--- 2026-07-01 21:21:54+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmh5xawjd2l 2026-07-02 01:38:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmvi7um2k2y 2026-07-02 07:50:52+00:00| seen|...