Potential Issue With Backing up Sharepoint, Onedrive, Teams Files, and List Attachments

Challenge Backup of SharePoint, OneDrive, and Teams data completes successfully, and subsequent restores of this protected data are successful. However, when opening some of the restored files or list attachments, users may find that these items do not open correctly in their associated...

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

DefaultHtmlErrorResponseBodyProvider in io.micronaut:micronaut-http-server since 4.7.0 and until 4.10.7 used an unbounded ConcurrentHashMap cache with no eviction policy. If the application throws an exception whose message may be influenced by an attacker, for example, including request query...

GHSA-2HCP-GJRF-7FHC Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

DefaultHtmlErrorResponseBodyProvider in io.micronaut:micronaut-http-server since 4.7.0 and until 4.10.7 used an unbounded ConcurrentHashMap cache with no eviction policy. If the application throws an exception whose message may be influenced by an attacker, for example, including request query...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DefaultHtmlErrorResponseBodyProvider class. An attacker can exhaust heap memory and cause a crash by sending requests that trigger exceptions with attacker-controlled messages...

CVE-2025-69848

NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting XSS vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper...

EUVD-2025-206716

NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting XSS vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper...

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

CVE-2017-5664

A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Mitigation If it is necessary to have the DefaultServlet propert...

Cross site scripting

Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...

kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...

CVE-2009-1690

CVE-2009-1690 is a use-after-free in WebKit affecting Safari (pre-4.0) and related WebKit-based products (iPhone OS 1.0–2.2.1, iPod touch 1.1–2.2.1, Google Chrome 1.0.154.53). The issue arises when a crafted HTML tag property causes child elements to be freed and later accessed during an HTML err...

CVE-2003-1164

Removed by vendor...