CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

Exploit for CVE-2026-21509

🛡️ CVE-2026-21509 — Microsoft Office Zero-Day !OFFICEhttps...

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting XSS in the File Upload function. An attacker can upload a crafted SVG containing active content...

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting XSS in the File Upload function. An attacker can upload a crafted SVG containing active content...

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting XSS in the File Upload function. An attacker can upload a crafted SVG containing active content...

CVE-2025-63830

CKFinder 1.4.3 is vulnerable to Cross Site Scripting XSS in the File Upload function. An attacker can upload a crafted SVG containing active content...

EUVD-1999-0534

Malware in sbrugna...

EUVD-2006-4830

Malware in sbrugna...

EUVD-2009-3246

Malware in sbrugna...

EUVD-2007-1935

Malware in sbrugna...

EUVD-2015-2022

Malware in sbrugna...

EUVD-2013-0937

Malware in sbrugna...

EUVD-2010-5149

Malware in sbrugna...

CVE-2010-5190

The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities...

CVE-1999-0537

A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc...

Google Chrome Media Cross Origin Bypass (CVE-2020-6420)

A cross origin bypass vulnerability exists in Google chrome. Successful exploitation of this vulnerability can result in information disclosure and execution of active content outside the prescribed context...

curl: Active Mixed Content over HTTPS

Summary: Resources Loaded from Insecure Origin HTTP Steps To Reproduce: Vulnerability Details detected that an active content loaded over HTTP within an HTTPS page Remedy There are two technologies to defense against the mixed content issues: HTTP Strict Transport Security HSTS is a mechanism tha...

Microsoft ASP.NET Core CVE-2019-1075 Spoofing Vulnerability

Description Microsoft ASP.NET Core is prone to a spoofing vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirect...

Microsoft Internet Explorer CVE-2019-0921 Spoofing Vulnerability

Description Microsoft Internet Explorer is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft...

WePay: Active mixed content issues on the site https://stage-go.wepay.com.

Hello. Summary: Page https://stage-go.wepay.com/static/ contains active mixed content: Description: Passive mixed content is content sent over HTTP that is contained on the HTTPS page, but which can not change other parts of the page. For example, an attacker can replace a picture sent via HTTP...