22 matches found
CVE-2026-30615
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...
EUVD-2026-22938
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...
EUVD-2021-17457
Malware in sbrugna...
EUVD-2021-24483
Malware in sbrugna...
EUVD-2019-5172
Malware in sbrugna...
EUVD-2021-24481
Malware in sbrugna...
EUVD-2020-7985
Malware in sbrugna...
EUVD-2020-27596
Malware in sbrugna...
EUVD-2021-24435
Malware in sbrugna...
EUVD-2019-5089
Malware in sbrugna...
EUVD-2021-17452
Malware in sbrugna...
EUVD-2021-17466
Malware in sbrugna...
EUVD-2020-8005
Malware in sbrugna...
EUVD-2021-8606
Malicious code in bioql PyPI...
EUVD-2023-24018
Malicious code in bioql PyPI...
CVE-2025-20216
A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An...
CVE-2025-24344
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...
SUSE CVE-2019-12520
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo...
GHSA-HV45-5J9H-7FHG Cross-site Scripting in Jenkins
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...
CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...