13 matches found
Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following are true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
PT-2026-41134
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following are true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
CVE-2026-5436
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath function, which uses WordPress's path_join — a function that...
EUVD-2023-60434
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name. Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free wh...
CVE-2023-54207
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name. Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free wh...
EUVD-2024-19715
Malicious code in bioql PyPI...
CVE-2023-53454
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name. Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free...
CVE-2023-53454 HID: multitouch: Correct devm device reference for hidinput input_dev name
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name. Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free...
SUSE CVE-2023-53253
In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hid_device devm allocation of input_dev name. Use hid_device for devm allocation of the input_dev name to avoid a use-after-free. input_unregister_device would trigger devres cleanup of all resources...
CVE-2023-0945
A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input " leads to cross site scripting. It is possible to launch...
HFish Cross-Site Scripting Vulnerability
HFish is a community-based free honeypot open-sourced by HFish.io. A security vulnerability exists in HFish version 0.5.1. Attackers can use the vulnerability to insert a payload at the location of the input name; when the administrator views the information, this will trigger a cross-site scripting...
Maxwebportal <= 1.36 password.asp Change Password Exploit (2 - php)
No description provided by source. ?php / ------Trap-Set Underground Hacking Team-----------------mhp0rtal---------------------- Greetz to : Alphaprogrammer , Oilkarchack , Str0ke And Iranian Hacking & Security Teams : Alphast , IHS Team , Shabgard Security Team , Emperor Hacking TEam , CrouZ...
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories
OPCOM Team | June 10, 2009. Severity: Moderately severe. Problem description: Input names can contain line breaks when data is sent using POST. Suitable use of the random numbe...