Nextcloud: Mail stored HTML injection in subject text

A vulnerability was discovered in the mail stored HTML injection in subject text. The vulnerability allowed for arbitrary HTML code to be injected into the subject line of emails stored in the system...

CVE-2025-10585

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

Autodesk Fusion 安全漏洞

Autodesk Fusion is a data management software platform from the US-based Autodesk, Inc. A security vulnerability exists in Autodesk Fusion that stems from a stored cross-site scripting vulnerability in the handling of specially crafted HTML payloads, which could result in reading a local file or...

DNN 跨站脚本漏洞

DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in DNN versions prior to...

ROS-20250923-42

Vulnerability of the cURL command line utility's implementation of HTTP "chaining" compression mechanisms is related to the following the possibility to perform an infinite number of steps of HTTP server responses decompression, which will lead to uncontrolled memory consumption. uncontrolled...

CVE-2025-59526

CVE-2025-59526 affects the Node.js package mailgen. A HTML injection/XSS vulnerability exists in plaintext emails generated by Mailgen when using generatePlaintext(email) with user-provided content. The issue is fixed in version 2.0.30; a workaround is stripping HTML tags from input before passin...

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

GHSA-J2XJ-H7W5-R7VP Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

CVE-2025-59411

CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user...

CVE-2025-59412 CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator...

PT-2025-39071

Name of the Vulnerable Software and Affected Versions mailgen versions prior to 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. A HTML injection flaw exists in plaintext e-mails generated by the software when using the Mailgen.generatePlaintextemail metho...

CVE-2025-59410

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...

[SECURITY] [DSA 6006-1] jetty12 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6006-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2025 https://www.debian.org/security/faq -...

PHP Detection Consolidation

Consolidation of PHP detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.171722";...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...

CVE-2025-8411 XSS in Dokuzsoft Technology's E-Commerce Web Design Product

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025...