CVE-2026-21664

HackerOne community member Huynh Pham Thanh Luc nigh7c0r3 has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...

CVE-2023-0829

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner either a customer or an additional user, can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription...

Ubiquiti UniFi Network 跨站脚本漏洞

Ubiquiti UniFi Network is a wireless network management software solution from Ubiquiti, Inc. It is used to set up and manage UniFi Network devices. A security vulnerability exists in Ubiquiti UniFi Network version 7.3.83 and prior versions that originates from a vulnerability that allows a...

CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF

The plugin lets user input reach a sensitive requireonce call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who will...