The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories

A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the X-Forwarded-Host header when using the Astro.url property without validation. An attacker c...

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

VulnCheck KEV: CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce...

ZITADEL has improper HTML sanitization in emails and Console UI

Impact ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...

GHSA-V333-7H2P-5FHV ZITADEL has improper HTML sanitization in emails and Console UI

Impact ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...

CVE-2024-30402

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service DoS. When telemetry requests are sent to the device, and t...

CVE-2024-30402

Summary of CVE-2024-30402 (Juniper Junos OS / Junos OS Evolved): The vulnerability stems from an improper check for unusual or exceptional conditions in the Layer 2 Address Learning Daemon (l2ald). When telemetry requests are received and the Dynamic Rendering Daemon (drend) is suspended, l2ald c...

CVE-2024-21614

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service DoS. On all Junos OS and Junos OS Evolved...

CVE-2024-21614

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service DoS. On all Junos OS and Junos OS Evolved...

PT-2024-1116 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 22.2R2-S2, 22.2R3 Juniper Networks Junos OS versions prior to 22.3R2, 22.3R3 Juniper Networks Junos OS Evolved versions prior to 22.2R2-S2-EVO, 22.2R3-EVO Juniper Networks Junos OS Evolved versions...

CVE-2023-44188 Junos OS: jkdsd crash due to multiple telemetry requests

A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon jkdsd process to crash,...

PT-2023-6227 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S9 Juniper Networks Junos OS versions 21.1R1 and later Juniper Networks Junos OS versions prior to 21.2R3-S6 Juniper Networks Junos OS versions prior to 21.3R3-S5 Juniper Networks Junos OS...

MDwiki Cross Site Scripting

Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source MDwiki universal system. MDwiki is a wiki/CMS system built entirely on HTML5/Javascript technology and runs...

Ruby on Rails remote code execution vulnerability analysis (CVE-2 0 1 6-0 7 5 2)-vulnerability warning-the black bar safety net

If your application uses a dynamic rendering path, such as render params:id, and then unfortunately, the application currently by the presence of local file inclusion and lead to remote code execution vulnerabilities, please quickly move your Rails to update to the latest version, or for your...