6 matches found
GHSA-9695-8FR9-HW5Q Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes
Summary A stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details The detectXss function relies on a...
CVE-2026-4509
A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...
CVE-2025-66689
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the isdangerouspath validation function that uses exact string matching against a blacklist of system...
EUVD-2015-3016
Malware in sbrugna...
EUVD-2007-4867
Malware in sbrugna...
EUVD-2013-4426
Malware in sbrugna...