CVE-2021-35208

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...

CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution RCE on the Tenable.sc server via Hypertext Preprocessor unserialization...

CVE-2015-6515

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header...

UBUNTU-CVE-2025-5020

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS 139...

WordPress Pet World theme <= 2.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pet World versions = 2.8...

The vulnerability of the PHP programming language interpreter, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the PHP programming language interpreter is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests a type of HTTP Request Smuggling attack...

Astra Linux - уязвимость в firefox, thunderbird

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS 136...

IBM Content Navigator 安全漏洞

IBM Content Navigator is a Web client from International Business Machines IBM. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0, which stems from...

jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...

VulnCheck KEV: CVE-2024-11182

MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...

编号撤回

Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation in the United States that is separate from the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. This CVE number has been withdrawn...

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

libsoup: Denial of service on libsoup through HTTP/2 server

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

php: Stream HTTP wrapper truncates redirect location to 1024 bytes

A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size...

php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...

Park Ticketing Management System HTML Injection Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from an HTML injection vulnerability that stems from the mishandling of the searchdata parameter in the normal-search.php file, resulting in an HTML injection attack. No details of the...

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

EspoCRM 注入漏洞

EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. An injection vulnerability exists in EspoCRM versions prior to 9.0.8 that stems from excessive HTML...

Allocation of Resources Without Limits or Throttling

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the striptags function. An attacker can cause slow performance by...