13 matches found
CVE-2026-7299
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...
CVE-2025-52623
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...
EUVD-2009-4167
Malware in sbrugna...
EUVD-2013-4022
Malware in sbrugna...
EUVD-2020-12595
Malware in sbrugna...
FreeBSD : webmin -- CGI Command Injection Remote Code Execution (805ad2e0-49da-11f0-87e8-bcaec55be5e5)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 805ad2e0-49da-11f0-87e8-bcaec55be5e5 advisory. Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the...
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
CVE-2019-8350
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...
PT-2023-25131 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost, affected versions not specified. Description: The issue arises from Mattermost's failure to use innerText or textContent when setting the channel name in the webapp during autocomplete. This allows an attacker to inject HTML into a...
CITSmart SQL Injection Vulnerability
CITSmart is an application from CITSmart Portugal. It provides all the processes for designing an organization. A SQL injection vulnerability exists in CITSmart versions prior to 9.1.2.28, which stems from the incorrect handling of "filtro de autocomplete...". No details of the vulnerability are...
OPENSUSE-SU-2020:1509-1 Recommended update for otrs
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...
openSUSE Security Update : otrs (openSUSE-2020-551)
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset...
OPENSUSE-SU-2020:0551-1 Recommended update for otrs
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...