CVE-2025-68458

Webpack CVE-2025-68458 affects Webpack’s HTTP(S) resolver (HttpUriPlugin) when experiments.buildHttp is enabled. A crafted URL containing userinfo (username:password@host) can bypass allowedUris checks and cause the build process to request resources from internal or non-whitelisted hosts, enabli...

EUVD-2025-6050

Malicious code in bioql PyPI...

CVE-2025-27668

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...

CVE-2025-27668

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...

CVE-2025-27668

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...

CVE-2025-27668

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...

CVE-2025-27668

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...

CVE-2025-27668

CVE-2025-27668 affects Vasion Print (formerly PrinterLogic) SaaS-based cloud service prior to Virtual Appliance Host 22.0.843 and Application 20.0.1923, where an arbitrary content inclusion vulnerability can be triggered via an iframe (OVERVIEW-20230524-0012). The CVSS v3.1 base score is 9.8 (CRI...

CVE-2022-27193

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...

AXIS Communications XSS / Content Inclusion

0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...

AXIS Communications XSS / Content Inclusion Vulnerabilities

Exploit for hardware platform in category web applications Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name: CVE-2015-8258 -...

Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 22-Sep-2006 Software: Squiz - My Source and My Source Matrix http://www.squiz.net.au "MySource Matrix is the newest version of the popular MySource CMS, purpose built for enterprise level...