4510 matches found

BDU FSTEC
added 2025/06/06 12:0 a.m., 3 views

A vulnerability in the messaging service of the Google Chrome browser allows attackers to carry out spoofing attacks on Android operating systems.

The vulnerability in the messaging service of the Google Chrome browser on Android operating systems is caused by errors in how information is represented in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...

CVSS 7.8, AI score 5.5, EPSS 0.00392
Exploits 0, References 5, Affected Software 3

BDU FSTEC
added 2025/06/05 12:0 a.m., 1 views

A vulnerability in the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite automation system allows an attacker to disclose protected information.

The vulnerability in the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite system relates to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected informatio...

CVSS 6.8, AI score 7.1, EPSS 0.00403
Exploits 0, References 3, Affected Software 2

RedHat Linux
added 2025/06/04 11:46 a.m., 4 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

CVSS 8.1, AI score 7.5, EPSS 0.00351
Exploits 0, References 5

BDU FSTEC
added 2025/06/04 12:0 a.m., 3 views

A vulnerability in the JavaScript script handlers of the Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability in the JavaScript script handlers of the Google Chrome and Microsoft Edge browsers is related to operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure through a specially crafted...

CVSS 10, AI score 8.7, EPSS 0.06463
Exploits 3, References 14, Affected Software 5

OSV
added 2025/06/03 12:15 a.m., 1 views

DEBIAN-CVE-2025-5068

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 8.2, EPSS 0.00397
Exploits 0, References 1

CNNVD
added 2025/06/02 12:0 a.m., 1 views

Dot cross-site scripting vulnerability

Dot is a text-to-speech, RAG and LLM tool by the individual developer alexpinel. A cross-site scripting vulnerability exists in Dot 0.9.3 and earlier versions, which stems from user input and LLM output being appended to the DOM using innerHTML, which could lead to cross-site scripting and command...

CVSS 8.1, AI score 6.1, EPSS 0.00185
Exploits 0, References 5

BDU FSTEC
added 2025/06/02 12:0 a.m., 4 views

A vulnerability in the h11 library, related to deficiencies in HTTP request processing, allows attackers to affect the confidentiality and integrity of protected information.

The vulnerability in the h11 library is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected information...

CVSS 9.4, AI score 7.2, EPSS 0.00522
Exploits 0, References 7, Affected Software 4

Metasploit
added 2025/05/29 6:52 p.m., 509 views

PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions. Module Options: msf use payload/cmd/unix/php/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf...

AI score 5.8
Exploits 0

Metasploit
added 2025/05/29 6:52 p.m., 89 views

PHP Exec, PHP Command Shell, Bind TCP (via perl) IPv6

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent over IPv6. Module Options: msf use payload/cmd/unix/php/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options...

AI score 5.8
Exploits 0

CNNVD
added 2025/05/28 12:0 a.m., 3 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney that originates from not properly releasing an HTTP connection after processing a 307 redirect response, which could result in a denial of service...

CVSS 2.3, AI score 6.5, EPSS 0.00733
Exploits 0, References 3

CNNVD
added 2025/05/28 12:0 a.m., 4 views

TeleMessage security vulnerability

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the heap content of a JSP application containing a password sent over HTTP...

CVSS 4, AI score 9.3, EPSS 0.00366
Exploits 0, References 3

OSV
added 2025/05/27 9:15 p.m., 1 views

DEBIAN-CVE-2025-5283

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4, AI score 5.8, EPSS 0.00493
Exploits 0, References 1

CNNVD
added 2025/05/27 12:0 a.m., 2 views

SUSE Manager Server security vulnerability

SUSE Manager Server is an infrastructure management solution from SUSE Germany designed to simplify and secure the management of various Linux distributions. A security vulnerability exists in SUSE Manager Server that stems from improper neutralization of script-related HTML tags, which could lea...

CVSS 5.6, AI score 6.5, EPSS 0.00275
Exploits 0, References 1

RedhatCVE
added 2025/05/23 9:10 a.m., 2 views

CVE-2024-21038

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1, AI score 5.8, EPSS 0.00346
Exploits 0, References 1

RedhatCVE
added 2025/05/23 5:20 a.m., 1 views

CVE-2023-21943

Vulnerability in Oracle Essbase component: Security and Provisioning. The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a...

CVSS 5.3, AI score 5.7, EPSS 0.00513
Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:56 a.m., 3 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

CVSS 6.1, AI score 6.3, EPSS 0.00486
Exploits 1, References 1

RedhatCVE
added 2025/05/23 2:33 a.m., 2 views

CVE-2023-1720

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...

CVSS 9.6, AI score 7.5, EPSS 0.0085
Exploits 1, References 1

CNNVD
added 2025/05/23 12:0 a.m., 3 views

PHPGurukul Medical Card Generation System security vulnerability

Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from an HTML injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the pagedes parameter of admin/contactus.php, which can be...

CVSS 6.1, AI score 7.3, EPSS 0.00228
Exploits 1, References 1

RedhatCVE
added 2025/05/22 11:18 p.m., 2 views

CVE-2022-36880

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message...

CVSS 6.1, AI score 6.3, EPSS 0.00511
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:3 p.m., 2 views

CVE-2021-2206

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Quotes. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...

CVSS 8.2, AI score 6.5, EPSS 0.00933
Exploits 0, References 1