71 matches found
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to a lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...
EUVD-2020-18176
Malware in sbrugna...
EUVD-2019-3388
Malware in sbrugna...
EUVD-2018-16904
Malware in sbrugna...
CVE-2025-5617
creationtimestamp | type | source
---|---|---
2025-06-04 23:04:05+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqsw3qfiieb2...
CVE-2025-5229
creationtimestamp | type | source
---|---|---
2025-05-27 03:47:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17596
2025-05-27 05:35:36+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4xrhbk6lz2
2025-05-27...
CVE-2020-25491
6Kare Emakin 5.0.341.0 is affected by Cross-Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page...
CVE-2025-4890
creationtimestamp | type | source
---|---|---
2025-05-18 19:04:14+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16769
2025-05-18 19:24:26+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lphrv5p7gvy2
2025-05-18...
CVE-2025-4649
creationtimestamp | type | source
---|---|---
2025-05-13 12:35:41+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2ijzilmbh2
2025-05-13 14:47:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lp2q422dfx2e
2025-05-13...
CVE-2019-9875
creationtimestamp | type | source
---|---|---
2025-03-26 18:45:15+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llcgyim6af2v
2025-03-26 19:05:08+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llci42bxm52u
2025-03-26 21:39:21+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2019-11718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from the fact that the activity stream in a user's profile page may be...
Stored XSS in the module named "Create Case"
Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. You have almost filtered out all possible cases of XSS, but I noticed that there is still 1 case that you left out. by using this xss command: Pro...
SUSE CVE-2018-5118
The screenshot images displayed in the Activity Stream page when a new tab is opened are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...
SUSE CVE-2019-11718
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
Cross site scripting
6Kare Emakin 5.0.341.0 is affected by Cross-Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page...
CVE-2019-11718
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...