Lucene search

14 matches found

RedhatCVE
added 2026/04/01 11:0 p.m., 3 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVSS 6.1, AI score 5.9, EPSS 0.00038
Exploits: 1, References: 1
NVD
added 2026/03/31 10:16 p.m., 3 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVSS 6.1, EPSS 0.00038
Exploits: 1, References: 1
EUVD
added 2026/03/31 9:16 p.m., 4 views

EUVD-2026-17670

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVSS 6.1, AI score 5.9, EPSS 0.00038
Exploits: 1, References: 1
Positive Technologies
added 2026/03/31 12:0 a.m., 10 views

PT-2026-29371

Name of the Vulnerable Software and Affected Versions: Nuxt OG Image versions prior to 6.2.5. Description: The Nuxt OG Image package contains a flaw in the image-generation component accessible via the API endpoint /og/d/ and /og-image/ in older versions. This issue allows for the injection of...

CVSS 6.1, AI score 5.9, EPSS 0.00038
Exploits: 1, References: 5
RedHat Linux
added 2024/03/25 7:36 p.m., 4 views

Mozilla: Improper handling of html and body tags enabled CSP nonce leakage

The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...

CVSS 6.1, AI score 7.3, EPSS 0.00223
Exploits: 1, References: 6
RedHat Linux
added 2024/03/25 7:36 p.m., 1 views

Mozilla: Improper handling of html and body tags enabled CSP nonce leakage

The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...

CVSS 6.1, AI score 7.3, EPSS 0.00223
Exploits: 1, References: 6
OSV
added 2024/03/20 5:48 a.m., 0 views

USN-6703-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-2609, CVE-2024-2611,...

CVSS 9.8, AI score 7.7, EPSS 0.01767
Exploits: 6, References: 12
OSV
added 2022/07/06 6:0 p.m., 10 views

CVE-2022-31127 Improper handling of email input in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...

CVSS 7.1, AI score 6.5, EPSS 0.00591
Exploits: 1, References: 7
OSV
added 2022/04/06 1:15 a.m., 0 views

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...

CVSS 7.5, AI score 6.2, EPSS 0.01345
Exploits: 1, References: 3
Prion
added 2022/04/06 1:15 a.m., 10 views

Buffer overflow

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...

CVSS 5, AI score 7.7, EPSS 0.01345
Exploits: 2, References: 3, Affected Software: 1
CNNVD
added 2022/04/06 12:0 a.m., 0 views

Digi Passport buffer error vulnerability

Digi Passport is a series of console servers from Digi USA. It provides secure remote access to computer systems and network devices. A security vulnerability in Digi Passport Firmware prior to 1.5.1,1 allows an attacker to supply a string in a page parameter for the reboot.asp endpoint and force...

CVSS 7.5, AI score 7.4, EPSS 0.01345
Exploits: 2, References: 4
Tenable Nessus
added 2017/03/31 12:0 a.m., 11 views

Private IP Address Disclosure

Private, or non-routable, IP addresses are generally used within a home or company network and are typically unknown to anyone outside of that network. Cyber-criminals will attempt to identify the private IP address range being used by their victim, to aid in collecting further information that...

AI score 6.7
Exploits: 0, References: 1
OSV
added 2014/04/09 10:57 a.m., 1 views

UBUNTU-CVE-2014-1720

Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes...

CVSS 7.5, AI score 7.4, EPSS 0.01382
Exploits: 0, References: 5
Tenable Nessus
added 2009/05/27 12:0 a.m., 17 views

AXIGEN Webmail < 7.1.0 HTML Body Script Insertion

The version of AXIGEN Webmail running on the remote host is earlier than 7.1.0. Such versions fail to fully sanitize text in the body of email messages. If an attacker can trick a user into opening a specially crafted message using the affected webmail application, this can be leveraged to inject...

CVSS 4.3, AI score 5.7, EPSS 0.00263
Exploits: 0, References: 2