116 matches found
PT-2026-45411
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
sql-injection
sql-injection python tool that...
CVE-2025-62317 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of sensitive information being included in URL parameters, potentially leading to leaks through browser history, logs, or intermediate syste...
CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...
Directory Traversal
Overview i18next-locize-backend is a backend layer for i18next to use locize service which can be used in node.js, in the browser and for deno. Affected versions of this package are vulnerable to Directory Traversal via the lng, ns, projectId, or version parameters,...
SUSE CVE-2026-26196
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, the Gogs API still accepts tokens in URL parameters like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2...
CVE-2026-25972
Fortinet FortiSIEM versions 7.3.0–7.3.4 and 7.4.0 have an improper neutralization of input during web page generation that enables cross-site scripting. An unauthenticated remote attacker can supply arbitrary data via spoofed URL parameters to perform a social engineering attack via the UI. CVSSv...
CVE-2026-25972
An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Cross-Site Scripting Vulnerability
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
CVE-2019-25367
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...
CVE-2026-0505
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...
Moodle Security Vulnerability
Moodle is an open-source e-learning software platform developed by Moodle. It is also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle. These vulnerabilities stem from insufficient cleaning of URL...
CVE-2025-66523
CVE-2025-66523 reflects a Cross-Site Scripting (XSS) issue in na1.foxitesign.foxit.com prior to 2026-01-16, caused by URL parameters being embedded directly into JavaScript code or HTML attributes without proper encoding or sanitization. An authenticated user can trigger script injection by visit...
Chainlit code issue vulnerabilities
Chainlit is an open-source large-scale dialogue interface framework developed by Chainlit. Versions of Chainlit prior to 2.9.4 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of URL parameters during the update process for projects/elements, which could lead t...
CVE-2024-40317
A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP...
CVE-2025-65202
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...
CVE-2025-60690
A stack-based buffer overflow exists in the getmergeipaddr function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to four user-supplied CGI parameters matching 03 into a fixed-size buffer a2 without bounds checking. Remote attacke...