CVE-2025-67779

A flaw was found in React Server Components. This vulnerability allows a denial of service via unsafe deserialization of payloads from HTTP Hypertext Transfer Protocol requests to Server Function endpoints. A malicious HTTP request can be crafted and sent to any App Router endpoint that, when...

CVE-2025-55184

A flaw was found in React Server Components. This vulnerability allows a denial of service via unsafe deserialization of payloads from HTTP Hypertext Transfer Protocol requests to Server Function endpoints. A malicious HTTP request can be crafted and sent to any App Router endpoint that, when...

Webedition CMS 安全漏洞

Webedition CMS is an open source web application framework from German company Webedition. A security vulnerability exists in Webedition CMS version v2.9.8.8, which stems from the presence of a remote code execution vulnerability that could lead to the creation of injected system commands via PHP...

PT-2025-51289

Name of the Vulnerable Software and Affected Versions Soosyze version 2.0.0 Description The application has a file upload issue that permits attackers to upload arbitrary HTML files containing PHP code. This broken file upload mechanism could allow attackers to view sensitive file paths and execu...

CVE-2025-9207 TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated...

Persistent HTML Injection

privatebin/privatebin is vulnerable to persistent HTML injection. The vulnerability is due to an unsanitized attachment filename attachmentname when attachments are enabled, which allows an attacker to modify the filename before encryption so that, after decryption, arbitrary HTML is inserted...

CVE-2025-14174

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

EUVD-2025-203117

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

UBUNTU-CVE-2025-8405

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...

CVE-2025-8405 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...

PT-2025-50618

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in...

PT-2025-50758

Name of the Vulnerable Software and Affected Versions minaliC version 2.0.0 Description minaliC version 2.0.0 contains a denial of service issue. Remote attackers can disrupt service by sending oversized GET requests. Specifically, crafted HTTP requests with excessive data can overwhelm the serve...

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2529)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from not properly...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an PPC payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/ppc/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

Protection Mechanism Failure

Overview mad-proxy is a Lightweight HTTP/HTTPS interception proxy with real-time traffic firewall and domain block. Affected versions of this package are vulnerable to Protection Mechanism Failure via the HTTP/HTTPS Traffic. An attacker can access sensitive traffic by bypassing established...

CVE-2025-67532

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through = 1.2.17...

DigitalPA Legality WHISTLEBLOWING 安全漏洞

DigitalPA Legality WHISTLEBLOWING is a software system used to manage reporting by DigitalPA Italy. A security vulnerability exists in DigitalPA Legality WHISTLEBLOWING, which stems from the absence of critical HTTP security headers and could lead to cross-site scripting and clickjacking attacks...

Google Chrome Error Type Conversion Vulnerability

Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a mis-typed conversion vulnerability that originates from the presence of a mis-typed conversion in the loader, which can be exploited ...