122 matches found
Astra Linux - vulnerability in Firefox
Firefox’s HTML parser did not correctly interpret HTML comment tags, leading to inconsistencies with other browsers. This vulnerability could have been exploited to embed user-controlled data within HTML comments on pages. This issue affects Firefox versions prior to 101...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
Vulnogram cross-site scripting vulnerability
Vulnogram is an open-source CVE vulnerability management and publishing tool developed by Vulnogram. Version 1.0.0 of Vulnogram contains a cross-site scripting vulnerability. This vulnerability stems from stored-xss annotations in HTML comments, which may allow remote attackers to inject XSS...
When Skills Lie: Hidden-Comment Injection in LLM Agents
LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...
CVE-2022-23549
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including html comments that are not counted toward the...
EUVD-2007-0476
Malware in sbrugna...
EUVD-2017-12959
Malware in sbrugna...
EUVD-2020-23291
Malware in sbrugna...
EUVD-2019-0746
Malware in sbrugna...
EUVD-2007-0535
Malware in sbrugna...
EUVD-2020-0269
Malware in sbrugna...
EUVD-2020-25920
Malware in sbrugna...
EUVD-2001-1399
Malware in sbrugna...
EUVD-2007-6165
Malware in sbrugna...
EUVD-2009-2426
Malware in sbrugna...
EUVD-2007-4056
Malware in sbrugna...
EUVD-2014-8556
Malware in sbrugna...
EUVD-2022-28567
Malicious code in bioql PyPI...
CVE-2020-35625
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...
USN-7464-1: Jupyter Notebook vulnerability
It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS)...