17 matches found
CVE-2026-21853
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
EUVD-2020-24861
Malware in sbrugna...
EUVD-2024-18120
Malicious code in bioql PyPI...
CVE-2024-56962
An issue in Tencent Technology Shanghai Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2021-26947
A cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link...
CVE-2025-25324
An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2024-56947
An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link...
Govee Home Security Vulnerability
Govee Home is an application from Govee, Inc. A security vulnerability exists in Govee Home version 6.5.01 that originates from an attacker being able to access sensitive user information by providing a carefully crafted link...
CVE-2024-6450
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser...
The vulnerability of the QTS operating system’s network storage solutions on QNAP allows attackers to carry out XSS attacks.
The vulnerability of the QTS operating system and QNAP network storage devices exists due to insufficient data cleaning. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially created link...
The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS allows attackers to execute XSS attacks.
The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially created link...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
D-Link Dir-X1860 Security Vulnerability
The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. A specially designed URL sent to an authenticated victim can cause the router to reboot. The authenticated victim would need to access the URL in order for the router to reboot...
The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense software allows a perpetrator to execute arbitrary code or gain access to confidential information.
The vulnerability of the Clientless SSL VPN (WebVPN) component of the micro-programming network interface software from Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense exists due to the lack of protective measures for the web page structure. Exploiting this vulnerability allows...
The vulnerability of the Azure DevOps Server software development tools’ setup exists due to the lack of measures taken to neutralize specific elements. This vulnerability allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Azure DevOps Server software development tools exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of protected information through a specially...
The vulnerability in the web interface for controlling Cisco Registered Envelope Service allows a perpetrator to inject arbitrary code into the web page that is uploaded.
The vulnerability of the web interface for managing security information transmitted by the Cisco Registered Envelope Service is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the...
Detcon SiteWatch Gateway Authentication Vulnerability
Detcon SiteWatch Gateway is a gateway device from Detcon. An authentication vulnerability exists in Detcon SiteWatch Gateway. The vulnerability can be exploited by an attacker to change settings via a specially crafted URL...