Lucene search

176 matches found

Veracode
added 2026/03/26 8:45 a.m. | 4 views

Cross-site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to internationalization of security-sensitive attributes bypassing Angular’s sanitization when combined with untrusted data binding, which allows an attacker to inject malicious scripts...

9 CVSS | 6 AI score | 0.00054 EPSS
Exploits: 0 | References: 8 | Affected Software: 2

RedhatCVE
added 2026/03/20 8:0 a.m. | 2 views

CVE-2026-33013

A flaw was found in Micronaut Framework, specifically within the micronaut-core component. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending crafted indexed form parameters. The flaw occurs because the framework does not correctly handle descending array inde...

8.2 CVSS | 5.7 AI score | 0.00288 EPSS
Exploits: 1 | References: 8

OSV
added 2026/03/13 8:56 p.m. | 6 views

GHSA-G93W-MFHG-P222 Angular vulnerable to XSS in i18n attribute bindings

A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example, href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for...

9 CVSS | 6.1 AI score | 0.00054 EPSS
Exploits: 0 | References: 9

CNNVD
added 2026/03/13 12:0 a.m. | 3 views

Angular cross-site scripting vulnerability

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20 have a cross-site scripting vulnerability. This...

9 CVSS | 5.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 5

GithubExploit
added 2026/03/01 8:0 p.m. | 125 views

Exploit for Code Injection in Vmware Spring_Framework

🚨 CVE-2022-22965 - "Spring4Shell"...

9.8 CVSS | 7.5 AI score | 0.94428 EPSS
Exploits: 99

IBM Security Bulletins
added 2026/02/02 7:12 a.m. | 10 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2024-38820, CVE-2025-22233)

Summary Spring MVC controller vulnerable to a DoS attack and DataBinder Case Sensitive Match Exception. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However,...

5.3 CVSS | 5.4 AI score | 0.20519 EPSS
Exploits: 2 | Affected Software: 1

RedhatCVE
added 2026/01/09 10:39 a.m. | 8 views

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

9.8 CVSS | 7.3 AI score | 0.04713 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/01/09 5:25 a.m. | 6 views

Security Bulletin: Data Binding Validation Bypass in Spring Framework, affects watsonx.data

Summary There are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.6 6.1.0 - 6.1.19 6.0.0 - 6.0.27 5.3.0 - 5.3.42 Older, unsupported versions are also affected Mitigation Users of affected versions should...

5.3 CVSS | 6.6 AI score | 0.01514 EPSS
Exploits: 2 | Affected Software: 1

OSV
added 2025/12/26 3:30 a.m. | 3 views

GHSA-898P-HH3P-HF9R Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4 CVSS | 6.2 AI score | 0.00007 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/12/01 3:0 a.m. | 5 views

Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)

Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...

5.3 CVSS | 6.3 AI score | 0.01514 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/10/23 11:13 a.m. | 6 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves another data bypass issue related to data binding field protection Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...

5.3 CVSS | 6.6 AI score | 0.01514 EPSS
Exploits: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2012-1843

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00188 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6263

Malicious code in bioql PyPI...

9.8 CVSS | 9.3 AI score | 0.04713 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-4149

Malicious code in bioql PyPI...

5.3 CVSS | 7.3 AI score | 0.00164 EPSS
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-3085

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00544 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-4886

Malicious code in bioql PyPI...

5.9 CVSS | 6.2 AI score | 0.00183 EPSS
Exploits: 1 | References: 3

CNNVD
added 2025/09/29 12:0 a.m. | 1 views

LibreChat security vulnerability

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A security vulnerability exists in LibreChat that stems from a lack of proper filtering when automatically binding user-supplied data to internal object properties or database fields, which could lead to manipulation and...

7.5 CVSS | 4.7 AI score | 0.00047 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/22 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2022-22965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...

9.8 CVSS | 7.9 AI score | 0.94428 EPSS
Exploits: 99 | References: 2

OSV
added 2025/06/25 5:15 p.m. | 1 views

DEBIAN-CVE-2025-52999

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...

8.7 CVSS | 6.6 AI score | 0.00252 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/18 8:0 p.m. | 40 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

5.3 CVSS | 6.9 AI score | 0.01514 EPSS
Exploits: 2 | References: 3