Malicious code in test-mlw2-perms-inurn-lores-decks (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-48876 Malicious code in test-mlw2-perms-inurn-lores-decks (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in test-mlw1-perms-inurn-lores-decks (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

Nextcloud: Access Control: Inject tasks into other users decks

When moving a task to another deck a request is made to /apps/deck/cards/XXXX. in the request the destination stackId parameter is used. When a user changes the parameter to that of a stack not belonging to him the task is still added. PoC Create a card: POST /apps/deck/cards HTTP/1.1...

hearthstonetopdecks.com XSS vulnerability

Vulnerable URL: https://www.hearthstonetopdecks.com/cards/?st=" autofocus onfocus=alert/OPENBUGBOUNTY/ Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 22:42 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1482...