
54 matches found

OSV
added 2026/05/19 12:31 p.m. | 6 views

GHSA-HQ3P-W4XV-X7VP Keycloak: Access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

CVSS 7.1 | AI score 5.7 | EPSS 0.00344
Exploits: 0 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-18217

Malware in sbrugna...

CVSS 4.3 | AI score 4.5 | EPSS 0.01039
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2013-2613

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.0258
Exploits: 2 | References: 5
Cvelist
added 2025/08/07 12:5 a.m. | 9 views

CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...

CVSS 5.1 | EPSS 0.002
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/07 12:5 a.m. | 6 views

CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...

CVSS 5.1 | AI score 5.7 | EPSS 0.002
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 8:55 a.m. | 7 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15...

CVSS 4.3 | AI score 5.9 | EPSS 0.01039
Exploits: 0 | References: 1
NVD
added 2020/10/27 8:15 p.m. | 24 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15...

CVSS 4.3 | AI score 4.7 | EPSS 0.01039
Exploits: 0 | References: 6
Prion
added 2020/10/27 8:15 p.m. | 30 views

Design/Logic Flaw

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15...

CVSS 4.3 | AI score 5.2 | EPSS 0.01039
Exploits: 0 | References: 6 | Affected Software: 6
CVE
added 2020/10/27 7:53 p.m. | 104 views

CVE-2019-8827

CVE-2019-8827 affects WebKit-based browsers used in Apple products (Safari, iCloud for Windows, iTunes, tvOS, iPadOS/iOS) and Windows iCloud/WebKit pages. Root cause: processing maliciously crafted web content allowed leakage of visited sites via the HTTP referrer header; Apple downgraded third-p...

CVSS 4.3 | AI score 5.2 | EPSS 0.01039
Exploits: 0 | References: 6 | Affected Software: 6
Cvelist
added 2020/10/27 7:53 p.m. | 28 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15...

AI score 5.4 | EPSS 0.01039
Exploits: 0 | References: 6
Apple
added 2020/02/04 5:27 a.m. | 92 views

About the security content of iTunes 12.10.2 for Windows - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 9.3 | AI score 8.5 | EPSS 0.09621
Exploits: 2 | Affected Software: 1
NVD
added 2020/02/03 6:15 p.m. | 13 views

CVE-2013-2674

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers...

CVSS 7.5 | AI score 7.3 | EPSS 0.0258
Exploits: 2 | References: 3
Kaspersky
added 2020/01/28 12:0 a.m. | 44 views

KLA11650 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Multiple memory corruption...

CVSS 9.3 | AI score 9.4 | EPSS 0.02655
Exploits: 0 | References: 4
Tenable Nessus
added 2019/11/01 12:0 a.m. | 261 views

Apple iOS < 13.2 Multiple Vulnerabilities

Binary data appleios132check.nbin...

CVSS 9.3 | AI score 7.2 | EPSS 0.09621
Exploits: 9 | References: 32
0day.today
added 2017/11/22 12:0 a.m. | 38 views

WordPress Breezing Forms 1.2.7.42 Cross Site Scripting Vulnerability

WordPress Breezing Forms plugin version 1.2.7.42 suffers from a cross site scripting vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Breezing Forms Plugin 1.2.7.42. Breezing Forms Plugin is prone to a stored cross-site scripting vulnerability because it fai...

AI score 6.6
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a resul...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

PMachine ExpressionEngine 1.4.1 HTTP Referrer HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16377/info ExpressionEngine is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to HTTP 'Referer' header before using it in dynamically...

AI score 7.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m. | 11 views

url_session

This plugin finds URLs which contain a parameter that stores the session ID. This configuration leaves the session ID exposed in browser and server logs, and is also leaked through the HTTP referrer header. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source For...

AI score 0.3
Exploits: 0
Cvelist
added 2010/04/20 3:0 p.m. | 28 views

CVE-2010-1164

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the Us...

AI score 5.7 | EPSS 0.02235
Exploits: 0 | References: 9
OpenVAS
added 2009/03/23 12:0 a.m. | 52 views

Ubuntu Update for firefox vulnerabilities USN-592-1

Ubuntu Update for Linux kernel vulnerabilities USN-592-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5921.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-592-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...

CVSS 9.3 | AI score 1 | EPSS 0.06055
Exploits: 3 | References: 2