CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

EUVD-2026-22938

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

EUVD-2021-24435

Malware in sbrugna...

EUVD-2020-27596

Malware in sbrugna...

EUVD-2019-5089

Malware in sbrugna...

EUVD-2021-17466

Malware in sbrugna...

EUVD-2020-8005

Malware in sbrugna...

EUVD-2020-7985

Malware in sbrugna...

EUVD-2021-17457

Malware in sbrugna...

EUVD-2019-5172

Malware in sbrugna...

EUVD-2021-24481

Malware in sbrugna...

EUVD-2021-17452

Malware in sbrugna...

EUVD-2021-24483

Malware in sbrugna...

EUVD-2021-8606

Malicious code in bioql PyPI...

EUVD-2023-24018

Malicious code in bioql PyPI...

CVE-2025-20216

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An...

CVE-2025-24344

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...

SUSE CVE-2019-12520

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo...

GHSA-HV45-5J9H-7FHG Cross-site Scripting in Jenkins

A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...

CVE-2019-13734

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...