8 matches found
CVE-2026-5253 bufanyun HotGo editNotice Endpoint MessageList.vue cross site scripting
A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...
MAL-2025-15546 Malicious code in bd-header-component (npm)
The package bd-header-component was found to contain malicious code...
Malicious code in bd-header-component (npm)
The package bd-header-component was found to contain malicious code...
Malicious code in @sporta-technology/d11-web-components.header (npm)
--- -= Per source details. Do not edit below this line.=-...
UBUNTU-CVE-2024-52762
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter...
CVE-2024-40530
Pantera CRM versions 401.152 and 402.072 are affected by an authorization bypass vulnerability where an attacker can bypass IP-based access controls by manipulating the X-Forwarded-For header. The CVE-2024-40530 entry includes a CVSS v3.1 base score of 7.5 (HIGH) with NETWORK attack vector, LOW a...
Cross site scripting
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Information disclosure
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (e.g. code execution or information disclosure). The component is: The header::addFILTERdescriptor method in header.cpp. The attack vector is: The victim must open a...