CVE-2026-42849
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor), which exists to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...
MAL-2026-1665 Malicious code in browser-compat-data (npm)
Source: amazon-inspector 601776b12bb397ecad770ec5b29505afb8704042ffdb079640eb6f0f1903edab The package browser-compat-data was found to contain malicious code...
EUVD-2021-19546
Malware in sbrugna...
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...
Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk
Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally...
iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...
YubiKey authentication is working on published desktop but not published app
YubiKey does not work from a published app browser e.g., Microsoft Edge, but it works on the same browser inside a published desktop. The published app and desktop are both hosted on the same server...
SSON not working with Microsoft Edge, Google Chrome and Firefox. Message "No logon methods are available on this platform" is seen.
After logging on to Chrome, Edge or Firefox this message is seen: "No logon methods are available on this platform". After browsing to the Storefront URL a screen appears asking to detect if Citrix Workspace App is installed. Then this screen is seen...
"Detect Receiver" is shown when launching Storefront URL from Edge or Chrome.
When launching Storefront URL from Edge or Chrome, "Detect Receiver" is shown. This issue doesn't happen within IE Browser...
Plastic SCM 10.0.16.5622 - WebAdmin Server Access Vulnerability
Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM 10.0.16.5622 Tested on...
Open Redirect in unshiftio/url-parse
Description: url-parse mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. Similar attacks:...
Security Update Guide: Let’s keep the conversation going
Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able...
Alternatives to Animated GIFs
We have all been amused by animated GIFs on lots of websites -- dancing babies, cute cats, flying birds, funny memes, and countless others. Despite their popularity, animated GIFs can be very heavy and can contribute significantly to page performance issues. How significantly? We have seen...
Microsoft Dynamics CRM 2011 Update Rollup 12
Microsoft Dynamics CRM 2011 Update Rollup 12 INTRODUCTION Update Rollup 12 for Microsoft Dynamics CRM 2011 will be available January 2013. This article describes the hotfixes and updates that are included in this update rollup. This update rollup is available for all languages that are supported ...
CVE-2020-14319
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This...
Microsoft Dynamics CRM 2011 Update Rollup 13
Microsoft Dynamics CRM 2011 Update Rollup 13 INTRODUCTION Update Rollup 13 for Microsoft Dynamics CRM 2011 is now available. This article describes the hotfixes and updates that are included in this update rollup. This update rollup is available for all languages that are supported by Microsoft...
Description of Office Online SP1
Description of Office Online SP1 Introduction Microsoft Office Online Service Pack 1 (SP1) provides the latest updates for Office Online. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general...
WHO COVID-19 Mobile App: Probably unexploitable XSS via Header Injection
Summary: The Who-Platform header is reflected in the output of the page if it's not one of the recognized Who-Platform values (IOS, ANDROID, WEB). While this is probably no longer exploitable as of 2015, it may be exploitable on less well implemented browsers (not Chrome/Firefox/Edge). In general,...