
15 matches found

EUVD
added 2026/05/05 6:33 p.m. | 4 views

EUVD-2026-27337

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

AI score: 6.1 | EPSS: 0.00233
Exploits: 0 | References: 4
CNNVD
added 2026/05/05 12:0 a.m. | 3 views

Altice Labs GR140DG and Altice Labs GR140IG security vulnerability

Both Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have a security vulnerability. The vulnerability stems from the traceroute diagnostic handler in /bin/httpdclientside, which allows unsanitized user input to...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00233
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/05 12:0 a.m. | 2 views

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

AI score: 6.1 | EPSS: 0.00233
Exploits: 0 | References: 4
Tenable Nessus
added 2026/02/18 12:0 a.m. | 3 views

Splunk Enterprise 9.2.0 < 9.2.12, 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.2 (SVD-2026-0204)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0204 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00087
Exploits: 0 | References: 2
ATTACKERKB
added 2025/12/04 8:44 p.m. | 1 views

CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

CVSS: 6.9 | AI score: 6.2 | EPSS: 0.00352
Exploits: 0 | References: 3 | Affected Software: 1
OSSF Malicious Packages
added 2024/06/25 12:36 p.m. | 0 views

Malicious code in deviceatlas-clientside (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
Hacker One
added 2019/10/31 3:48 p.m. | 106 views

Mail.ru: HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru

CRLF injection via GET parameters in tz.mail.ru. Clientside vulnerabilities in tz.mail.ru are not currently covered by Bug Bounty program...

AI score: 2
Exploits: 0
CNVD
added 2019/08/09 12:0 a.m. | 1 views

cPanel cross-site scripting vulnerability (CNVD-2019-28988)

cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 60.0.25. The vulnerability stems from a lack of proper...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00254
Exploits: 0 | References: 1
Hacker One
added 2019/04/26 3:41 p.m. | 16 views

GitLab: Clientside resource Exhausting by exploiting gitlab math rendering

Summary: Based on the documentation, GitLab markdown supports math expression rendering using KaTeX and is able to run a subset of LaTeX syntax. This can be achieved in 2 ways in the markdown, for inline and for multiline. F476662 Steps to reproduce: Step-by-step guide to reproduce the issue,...

AI score: 6.8
Exploits: 0
Hacker One
added 2019/01/24 2:11 p.m. | 23 views

Mail.ru: CSRF to remove an item from the cart

CSRF vulnerability in pandao.ru allowed removing an item with an id known to the attacker from the cart. At the time of reporting, clientside vulnerabilities in pandao.ru are not covered by bug bounty program...

AI score: 3
Exploits: 0
CNVD
added 2018/05/14 12:0 a.m. | 1 views

Drupal Clientside Validation Module Remote Code Execution Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A remote code execution vulnerability exists in the Drupal Clientside Validation module. An attacker can exploit the vulnerability to execute arbitrary PHP code in the...

AI score: 8.4
Exploits: 0 | References: 1
Hacker One
added 2018/02/17 8:54 a.m. | 40 views

Mail.ru: CSRF on lootdog.io

CSRF vulnerability for phone/email change action. At the time of reporting, lootdog.io clientside vulnerabilities were not covered by bug bounty...

AI score: 1.7
Exploits: 0
canvas
added 2017/06/15 1:29 a.m. | 609 views

Immunity Canvas: SPECIAL_LNK

Name| speciallnk
---|---
CVE| CVE-2017-8464
Exploit Pack| CANVAS
Description| speciallnk
Notes| References: 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464', 'http://paper.seebug.org/357/', 'http://www.vxjump.net/files/vulnanalysis/cve-2017-8464.txt' CVE Name:...

CVSS: 9.3 | AI score: 0.5 | EPSS: 0.93878
Exploits: 20
Hacker One
added 2015/04/28 3:4 a.m. | 32 views

OkCupid: An XSS bug was fixed due to my report, but I didn't submit it through the h1

I wasn't notified of the security process, and received no bounty. On Jan 08, 2015 at 01:22AM UTC OkCupid User Feedback wrote: don't hover over this if you put this on your profile and they hover over it, they will "like" your profile this can be used to execute arbitrary clientside code...

AI score: 7.6
Exploits: 0
securityvulns
added 2007/07/13 12:0 a.m. | 84 views

[Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content

Advisory: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting discovered a design vulnerability in the page editor of the activeWeb contentserver CMS during a penetration test. Filtering of user content, e.g. to prevent the usage of Javascript code, is done ...

CVSS: 4 | AI score: 6.5 | EPSS: 0.09007
Exploits: 1