
33 matches found

Positive Technologies
added 3 days ago, 9 views

PT-2026-51258

Name of the Vulnerable Software and Affected Versions: kortix-ai suna versions prior to 0.8.39. Description: A flaw in the Auth Endpoint component allows for remote cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. The issue exists within the...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00288
Exploits: 0 | References: 12
OSV
added 2026/03/20 11:20 p.m., 3 views

CVE-2026-33427 Discourse Authorization Page Displays Unvalidated Redirect Domain

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00208
Exploits: 0 | References: 3
Debian
added 2025/11/28 3:35 p.m., 14 views

[SECURITY] [DLA 4386-1] sogo security update

Debian LTS Advisory DLA-4386-1, https://www.debian.org/lts/security/, Paride Legovini, November 28, 2025, https://wiki.debian.org/LTS ...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00241
Exploits: 1
Snyk
added 2025/11/07 1:41 a.m., 3 views

Cross-site Scripting (XSS)

Overview: @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of error messages on the DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...

CVSS: 6.9 | AI score: 5.5 | EPSS: 0.002
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2000-1082

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0179
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-51669

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00805
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/23 12:02 a.m., 5 views

CVE-2022-4315

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00805
Exploits: 1 | References: 1
OSV
added 2025/04/13 7:15 p.m., 2 views

CVE-2025-3538

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function authasp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within th...

CVSS: 8.7 | AI score: 7.5 | EPSS: 0.08254
Exploits: 1 | References: 5
CNNVD
added 2025/04/13 12:00 a.m., 4 views

D-Link DI-8100 Security Vulnerability

The D-Link DI-8100 is a broadband router from D-Link designed for small to medium sized network environments. A stack buffer overflow vulnerability exists in the D-Link DI-8100. The vulnerability stems from the authasp function in the /auth.asp file in the jhttpd component not effectively limitin...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.08254
Exploits: 1 | References: 7
OSV
added 2024/11/05 7:26 a.m., 15 views

BIT-GITLAB-2022-4315

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00805
Exploits: 1 | References: 3
NVD
added 2024/10/20 8:15 a.m., 30 views

CVE-2024-10194

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

CVSS: 8.8 | EPSS: 0.01124
Exploits: 1 | References: 4
Vulnrichment
added 2024/10/20 8:00 a.m., 12 views

CVE-2024-10194 WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.01124
Exploits: 1 | References: 4
CVE
added 2024/10/20 8:00 a.m., 47 views

CVE-2024-10194

CVE-2024-10194 affects WAVLINK WN530H4, WN530HG4 and WN572HG3 (up to 20221028). The issue is in the Front-End Authentication Page, specifically the function Goto_chidx in the file login.cgi. Manipulating the argument wlanUrl causes a stack-based buffer overflow. Exploitation is possible only wit...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01124
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2024/03/22 12:00 a.m., 3 views

Logpoint Security Vulnerability

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.1.0 that stems from the presence of cross-site scripting (XSS) on the LDAP authentication page...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00307
Exploits: 0 | References: 2
OSV
added 2023/06/22 9:15 p.m., 2 views

UBUNTU-CVE-2023-35132

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

CVSS: 6.3 | AI score: 6.1 | EPSS: 0.00802
Exploits: 0 | References: 3
NVD
added 2023/03/08 11:15 p.m., 19 views

CVE-2022-4315

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00805
Exploits: 1 | References: 3
Cvelist
added 2023/03/08 12:00 a.m., 20 views

CVE-2022-4315

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...

CVSS: 5 | AI score: 6.6 | EPSS: 0.00805
Exploits: 1 | References: 3
Vulnrichment
added 2023/03/08 12:00 a.m., 7 views

CVE-2022-4315

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00805
Exploits: 1 | References: 3
Veracode
added 2022/07/13 12:25 p.m., 20 views

Cross-site Scripting (XSS)

github.com/argoproj/argo-cd is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to inject maliciously crafted script via input in the /auth/callback page...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.005
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2022/04/06 1:15 a.m., 14 views

CVE-2022-26952

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page...

CVSS: 7.5 | EPSS: 0.02038
Exploits: 1 | References: 3