sendportal code injection vulnerability
SendPortal is a self-hosted email marketing management tool developed by Mattel. SendPortal versions 3.0.1 and earlier contain a code injection vulnerability. This vulnerability stems from incorrect handling of the content parameter by the Campaign Handler component in the /webview/ file, which...
CVE-2026-42502
Summary of CVE-2026-42502 : The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
PT-2026-33091
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...
Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cit...
CVE-2026-35637
OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation...
CVE-2020-37178
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Updated...
CVE-2025-42620 CSRF vulnerability in CIRCL Vulnerability-Lookup
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting XSS. On the backend, the relatedvulnerabilities field of bundles accepted arbitrary strings without format validation or proper...
Apple multiple products buffer error vulnerability
Apple Safari is a web browser that is the default browser shipped with Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for Smart TVs. A buffer error vulnerability exists in several Apple products that stems from...
Apple multiple products security vulnerability
Apple Safari and others are products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. Apple iOS is a set of operating systems developed for mobile devices. Apple iPadOS is a set of operating systems for the iPad tablet...
EUVD-2019-17984
Malware in sbrugna...
EUVD-2018-20061
Malware in sbrugna...
EUVD-2018-20028
Malware in sbrugna...
EUVD-2024-20705
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of web content. An attacker can execute arbitrary code or compromise user data by enticing a user to visit a malicious website. Remediation Upgrade Firefox to version 143.0 or higher...
mblog security vulnerability
mblog is a blogging system by the individual developer langhsu. A security vulnerability exists in mblog 3.5.0 and earlier versions, which originates from a cross-site scripting attack due to incorrect handling of the content/title parameter in file/post/submit...
PT-2025-33816
Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0 Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration,...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 11.6 to...
SUSE-SU-2025:02423-1 Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues: - CVE-2021-25743: Escape terminal special characters in kubectl output bsc1194400. - CVE-2023-2431: Prevent pods from bypassing the seccomp profile enforcement bsc1212493. - CVE-2024-0793: Advance autoscaling v2 as the preferred API version...