57 matches found

OSV
added 2025/08/14 6:52 p.m. | 5 views

MAL-2025-23807 Malicious code in jimdo-web-library (npm)

The package jimdo-web-library was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 6 views

Malicious code in jimdo-web-library (npm)

The package jimdo-web-library was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in test-web-library-build (npm)

The package test-web-library-build was found to contain malicious code...

AI score 7
Exploits: 0

CNNVD
added 2025/07/25 12:0 a.m. | 1 view

Number withdrawn

libsoup is a GNOME HTTP client/server library from the GNOME project. This CVE number has been withdrawn...

AI score 6.6
Exploits: 0 | References: 2

OSV
added 2025/07/03 12:15 p.m. | 2 views

CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...

CVSS 6.1 | AI score 5.7 | EPSS 0.00274
Exploits: 0 | References: 6

RedHat Linux
added 2025/06/17 1:42 a.m. | 0 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling, where an attacker tricks the system to se...

CVSS 9.1 | AI score 7.1 | EPSS 0.00682
Exploits: 0 | References: 8

OSV
added 2025/04/16 5:54 a.m. | 2 views

CLSA-2025-1744782851 php: Fix of CVE-2025-1736

CVE-2025-1736: add checking of http user header crlf...

CVSS 7.3 | AI score 5.8 | EPSS 0.00481
Exploits: 0 | References: 1

OSV
added 2025/03/04 12:15 a.m. | 2 views

UBUNTU-CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVSS 7.5 | AI score 6.7 | EPSS 0.00784
Exploits: 0 | References: 6

OSV
added 2024/12/02 5:2 p.m. | 2 views

CLSA-2024-1733158948 php: Fix of CVE-2024-11234

CVE-2024-11234: fix HTTP fulluri CRLF injection...

CVSS 7.2 | AI score 6.2 | EPSS 0.0111
Exploits: 1 | References: 1

OSV
added 2024/10/29 11:15 a.m. | 2 views

CVE-2024-49692

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AffiliateX allows Stored XSS. This issue affects AffiliateX: from n/a through 1.2.9...

CVSS 5.4 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 1

CVE
added 2024/05/06 2:44 p.m. | 846 views

CVE-2024-34069

Werkzeug (the Python WSGI library) contains a debugger-only vulnerability tracked as CVE-2024-34069. The issue arises in affected Werkzeug versions where the debugger can let an attacker execute code on a developer’s machine under certain conditions: the attacker must persuade the developer to vi...

CVSS 7.5 | AI score 6.5 | EPSS 0.03397
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2023/09/19 4:15 a.m. | 1 view

CVE-2023-42399

Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 3

SUSE CVE
added 2023/05/25 1:59 a.m. | 1 view

SUSE CVE-2023-32681

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

CVSS 6.1 | AI score 7.1 | EPSS 0.02782
Exploits: 1 | References: 20

SUSE CVE
added 2023/02/15 5:15 a.m. | 2 views

SUSE CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

CVSS 9.8 | AI score 9.2 | EPSS 0.02726
Exploits: 0 | References: 3

NVD
added 2023/02/14 8:15 p.m. | 14 views

CVE-2023-25577

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...

CVSS 7.5 | AI score 7.4 | EPSS 0.0142
Exploits: 0 | References: 5

OSV
added 2023/02/13 8:15 p.m. | 1 view

UBUNTU-CVE-2022-48110

DISPUTED CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who...

CVSS 6.1 | AI score 7.2 | EPSS 0.02097
Exploits: 4 | References: 4

OSSF Malicious Packages
added 2023/02/09 12:26 a.m. | 1 view

Malicious code in @superbet-group/web.lib.flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 852821ee1ad9212bdcbbf1a16f7a0cd05db090379051a9725aecaf33a24e703d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2023/02/09 12:26 a.m. | 5 views

Malicious code in @superbet-group/web.lib.rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52048cd4263ed15792f49581fd01b450f4796af1f65b4e839951715b237d3fcf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSV
added 2022/11/21 11:15 a.m. | 1 view

CVE-2022-3750

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation...

CVSS 4.7 | AI score 5.8
Exploits: 0 | References: 1

Openbugbounty
added 2022/09/20 10:19 p.m. | 9 views

sanborn.ohioweblibrary.org Cross Site Scripting vulnerability OBB-2938232

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0