47 matches found
CVE-2022-50968
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
CVE-2026-7013 MaxSite CMS mail_send Plugin cross site scripting
A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...
Exploit for Use of Less Trusted Source in Meshtastic Meshtastic_Firmware
Stopping Meshtastic from-field spoof attacks — shape-detecti...
CVE-2026-35038
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
EUVD-2026-18396
Signal K Server: Arbitrary Prototype Read via from Field Bypass...
GHSA-QH3J-MRG8-F234 Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
CVE-2026-35038
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
CVE-2026-35038 signalk-server: Arbitrary Prototype Read via `from` Field Bypass
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
CVE-2026-35038
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
Signal K Server 信息泄露漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained a vulnerability related to information leakage. This vulnerability stemmed from the from field bypassing the prototype boundary filtering mechanism, which...
CVE-2024-58297
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...
CVE-2024-58297 PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...
EUVD-2019-8023
Malware in sbrugna...
EUVD-2005-2087
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-1765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and...
WordPress plugin Post SMTP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
thunderbird: Address of e-mail sender can be spoofed by malicious email
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040...
thunderbird: Address of e-mail sender can be spoofed by malicious email
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040...
DEBIAN-CVE-2025-0510
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135...