Hacking Safari with GPT 5.4
When Anthropic unveiled Mythos and Project Glasswing, the reaction was immediate and polarized. Some dismissed it as fear-driven marketing, while others treated it as a credible shift in the threat landscape. Like with many things, the truth is probably somewhere in the middle. I wanted to test...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14349)
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in multiple parameters of the portfw.cgi script; an attacke...
Esri ArcGIS Server Cross-Site Scripting Vulnerability
Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. A cross-site scripting vulnerability exists in Esri ArcGIS Server version 11.4 and earlier, which stems from a stored cross-site scripting issue that could lead to malicious...
CVE-2025-34399
MailEnable versions prior to 10.54 are affected by a reflected XSS in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized for GET requests and is echoed inside a <script> block in the JavaScript variable sAddrCc, enabling an attack...
Docker MCP Gateway Security Vulnerability
Docker MCP Gateway is a gateway service from Docker Inc. in the United States. A security vulnerability exists in Docker MCP Gateway version 0.27.0 and earlier, which stems from vulnerability to DNS rebinding attacks when running in sse or streaming transport mode, and could lead to browser-based...
EUVD-2025-34748
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-10552
The CVE-2025-10552 entry describes a stored Cross‑site Scripting (XSS) vulnerability in 3DSwym on the 3DEXPERIENCE platform (R2025x). The vulnerability affects 3DSwym prior to Release R2025x and allows an attacker to execute arbitrary script in a user’s browser session. The PT-2025-41765 advisory...
EUVD-2020-27254
Malware in sbrugna...
EUVD-2020-21525
Malware in sbrugna...
EUVD-2012-2634
Malware in sbrugna...
EUVD-2021-24319
Malware in sbrugna...
EUVD-2022-43485
Malicious code in bioql PyPI...
EUVD-2025-17121
Malicious code in bioql PyPI...
EUVD-2024-40677
Malicious code in bioql PyPI...
EUVD-2021-27886
Malicious code in bioql PyPI...
EUVD-2023-0281
Malicious code in bioql PyPI...
EUVD-2023-53260
Malicious code in bioql PyPI...
CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2009-20002
Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites...
Exploit for Out-of-bounds Write in Debian Debian_Linux
awesome-browser-exploit Share some useful archives about browser exploitation. I'm just starting to collect what I can find, and I'm only a starter in this area as well. Contributions are welcome. Chrome v8 Basic v8 github mirrordocs withingithub on-stack replacement in v8article // multiple...