20 matches found
GHSA-2R69-QGV3-HR65 Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links
Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
EUVD-2026-30795
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
EUVD-2026-22011
ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...
CVE-2026-33336
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
CVE-2026-21872
NiceGUI (Python UI framework) versions 2.22.0–3.4.1 are affected by an XSS vulnerability caused by an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page. The issue triggers when a user actively clicks a crafted link...
CVE-2025-59026
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-30186
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
EUVD-2025-199815
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-59026
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-30186
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-59026
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-59026
CVE-2025-59026 affects Open-Xchange OX App Suite (and related advisories) where uploading a malicious file enables execution of script code when a user clicks attacker-controlled links. Actions may run in the user’s context and can include exfiltration of sensitive information. Public exploit det...
CVE-2025-59026
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-30186
CVE-2025-30186 affects Open-Xchange OX App Suite. Malicious content uploaded as a file can execute script code when users follow attacker-controlled links, enabling unintended actions within the user’s account and potential exfiltration of sensitive data. The impact is described as limited to the...
PT-2025-48255
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-66025
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
CVE-2025-62428 Drawing-Captcha APP Host Header Injection in `/register` and `/confirm-email` Endpoints
Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to generate malicious email confirmation...
EUVD-2020-0143
Malware in sbrugna...
PT-2019-11324 · Jenkins · Jenkins Octopusdeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the server connect to an attacker-specified URL and obtain the HTTP...