177 matches found
OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS
OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...
CVE-2026-41200
STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in src/init.js and...
CVE-2025-50659
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the customerror parameter in the /user.asp endpoint...
PT-2026-31382
CVE-2025-50659 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom error parameter in the /user.asp endpoint. https://t.co/1QLVN2Tkxc...
SUSE CVE-2019-8400
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error errorhint parameter...
Cross-site Scripting (XSS)
Overview: @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the renderPairingPage function. An attacker can inject malicious scripts into the rendere...
Student Management System code injection vulnerability
Student Management System is a simple web-based student management software developed by Sk.Amir Hamza in Bangladesh. The Student Management System has a code injection vulnerability, which stems from incorrect handling of the parameter “Error” in the file index.php, potentially leading to...
CVE-2026-1721
CVE-2026-1721 is a reflected XSS in AI Playground’s OAuth callback handler. The root cause is direct interpolation of the error_description query parameter into an inline script tag in site/ai-playground/src/server.ts, enabling arbitrary JavaScript execution in a victim’s session. Reported impact...
CVE-2025-14063
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.9.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-14063
CVE-2025-14063 – SEO Links Interlinking (WordPress) is a Reflected Cross-Site Scripting (XSS) vulnerability affecting all versions up to 1.7.5. The issue arises from insufficient input sanitization and output escaping for the google_error parameter, enabling unauthenticated attackers to inject ar...
CVE-2025-14063 SEO Links Interlinking <= 1.7.9.9.1 - Reflected Cross-Site Scripting via 'google_error' Parameter
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.9.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-14063
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-206509
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14063 SEO Links Interlinking <= 1.7.9.9.1 - Reflected Cross-Site Scripting via 'google_error' Parameter
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.9.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
WordPress SEO Links Interlinking plugin <= 1.7.5 - Reflected Cross-Site Scripting via 'google_error' Parameter vulnerability
Reflected Cross-Site Scripting via 'google_error' Parameter vulnerability discovered by johska in WordPress Plugin SEO Links Interlinking versions <= 1.7.5...
PT-2026-5086
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2020-36875
AccessAlly WordPress plugin
PT-2026-1686
Name of the Vulnerable Software and Affected Versions: AccessAlly versions prior to 3.3.2. Description: The AccessAlly WordPress plugin contains a flaw where the login error parameter in the Login Widget is treated as PHP code. This allows a remote attacker to execute arbitrary PHP code within the...
WordPress plugin AccessAlly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-63949
A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...