16 matches found
CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...
USN-8025-1: .NET vulnerability
Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...
USN-8025-1 dotnet8, dotnet9, dotnet10 vulnerability
Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...
PT-2026-20915
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions before 4.4.9 contain a Cross-Site Scripting (XSS) issue in the private area. A previous fix in SPIP 4.4.8 was incomplete, and the echappe_anti_xss function was not consistently applied to...
EUVD-2018-6332
Malware in sbrugna...
EUVD-2016-6223
Malware in sbrugna...
EUVD-2009-0359
Malware in sbrugna...
CVE-2025-29192
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...
Zen Cart OS Command Injection Vulnerability
Zen Cart is an open source, free shopping mall system, used to build a professional online store. A remote code execution vulnerability exists in Zen Cart 1.5.7b. The vulnerability can be exploited by an administrator to execute arbitrary OS commands by inspecting HTML radio input elements and...
CVE-2018-10193
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...
CVE-2018-10193
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...
Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
CVE-2014-4450
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements...
FreeBSD: chromium -- multiple vulnerabilities (5acf4638-7e2c-11e3-9fba-00262d5ed8ee)
Google Chrome Releases reports: 11 security fixes in this release, including: - 249502 High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. - 326854 High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG. - 324969 High CVE-2013-6642: Address...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 11 security fixes in this release, including: 249502 High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. 326854 High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG. 324969 High CVE-2013-6642: Address bar...
mozilla -- automated file upload
A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" elements in certain situations...