4395 matches found
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in PWA implementations. It could allow remote attackers who have infiltrated...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a resource management vulnerability. This vulnerability stemmed from PrivateAI’s ability to release and reuse resources, which could lead to sandbox escape through specially crafted...
PT-2026-30853
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...
CVE-2026-22663
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...
lila 安全漏洞
Lila is an ad-free and open-source chess server developed by Lichess. Lila has a security vulnerability that stems from allowing approved hosts to inject arbitrary HTML, which may lead to server-side HTML injection attacks...
EUVD-2026-19005
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...
EUVD-2025-209217
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization a...
CVE-2026-34831
A flaw was found in Rack. A remote attacker can exploit this vulnerability by requesting a non-existent path containing percent-encoded UTF-8 characters. This causes Rack::Filesfail to incorrectly calculate the Content-Length header, using Stringsize instead of Stringbytesize for multibyte...
GHSA-XPQH-GRPW-4XMG Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...
Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...
UBUNTU-CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...
CVE-2026-35539
CVE-2026-35539 affects Roundcube Webmail prior to 1.5.14 and 1.6.14. The issue is an XSS vulnerability caused by insufficient HTML attachment sanitization in preview mode; a user must preview a text/html attachment for exploitation. The vulnerability is limited to scenarios where a victim preview...
CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...
CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...
CVE-2025-15620 HiOS Switch Platform Denial-of-Service via Web Interface
HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...
HTTP Fetch, Windows Command Shell, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf...
HTTP Fetch, Windows Command Shell, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/shell/bindhiddentcp msf payloadbindhiddentcp show actions...
HTTP Fetch, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/peinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...