Exploit for CVE-2026-20841
CVE-2026-20841 - Windows Notepad RCE PoC for a remote code ex...
CVE-2025-65924
ERPNext through 15.88.1 does not sanitize or remove certain HTML tags, specifically hyperlinks, in fields that are intended for plain text. Although JavaScript is blocked, preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...
thunderbird: Unsanitized address book fields
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...
Design/Logic Flaw
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields such as TeamName in Label Edit Team, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload, an external link, is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
CVE-2024-27092 Content spoofing - real Hoppscotch emails
Hoppscotch is an API development ecosystem. Due to a lack of validation for fields such as TeamName in Label Edit Team, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload, an external link, is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
Cross-site Scripting (XSS)
jenkins-2-plugins is vulnerable to cross-site scripting (XSS) attacks. The library converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
SUSE CVE-2018-6112
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored cross-site scripting (XSS) attack...
CVE-2022-45380
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored cross-site scripting (XSS) attack...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-27482 · Jenkins · Jenkins Junit Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JUnit Plugin versions 1159.v0b396e1e07dd and earlier. Description: The issue is related to the conversion of HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS)...
CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
Format string
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
PT-2019-17077 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2. Description: The issue allows a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users...
DEBIAN-CVE-2019-10044
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if, for example, Latin and Cyrillic characters...