16 matches found

EUVD
added 2025/10/03 8:7 p.m. | 14 views

EUVD-2024-0820

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 5 | EPSS 0.05137
Exploits 0 | References 6
RedhatCVE
added 2025/09/24 6:30 p.m. | 2 views

CVE-2025-57923

Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation uk-address-postcode-validation allows Retrieve Embedded Sensitive Data. This issue affects UK Address Postcode Validation: from n/a through = 3.9.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00041
Exploits 0 | References 1
Tenable Nessus
added 2025/08/21 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-29881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content loading and content inserting code. A S...

CVSS 6.1 | AI score 5.7 | EPSS 0.05137
Exploits 0 | References 2
OSV
added 2024/03/26 9:23 p.m. | 18 views

GHSA-5359-PVF2-PW78 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

Impact: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. Fix: TinyMCE 6.8.1 introduced a new convert_unsafe_embeds opti...

CVSS 4.3 | AI score 4.5 | EPSS 0.05137
Exploits 0 | References 6
CVE
added 2024/03/26 1:31 p.m. | 114 views

CVE-2024-29881

TinyMCE is affected by an XSS vulnerability (CVE-2024-29881) in its handling of external SVG content loaded via object/embed during content loading/insertion. The root cause is improper validation of user-supplied input via SVGs, allowing a payload to execute in the context of the hosting site. T...

CVSS 6.1 | AI score 4.2 | EPSS 0.05137
Exploits 0 | References 4 | Affected Software 1
OSV
added 2024/03/26 1:31 p.m. | 38 views

CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. This vulnerability is...

CVSS 4.3 | AI score 4.4 | EPSS 0.05137
Exploits 0 | References 6
Debian CVE
added 2024/03/26 1:31 p.m. | 21 views

CVE-2024-29881

Removed by vendor...

CVSS 6.1 | AI score 5.1 | EPSS 0.05137
Exploits 0
CNNVD
added 2024/03/26 12:0 a.m. | 3 views

Tiny Technologies TinyMCE Security Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies. A security vulnerability exists in TinyMCE versions prior to 7.0.0, which stems from a cross-site scripting (XSS) vulnerability in the content loading and content inserting code...

CVSS 6.1 | AI score 5.4 | EPSS 0.05137
Exploits 0 | References 6
Positive Technologies
added 2024/03/26 12:0 a.m. | 2 views

PT-2024-23105

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 6.8.1; TinyMCE versions prior to 7.0.0. Description: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed...

CVSS 6.1 | AI score 6.2 | EPSS 0.05137
Exploits 0 | References 18
RedHat Linux
added 2022/01/12 12:4 p.m. | 1 views

Mozilla: Out-of-bounds memory access when inserting text in edit mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00305
Exploits 0 | References 4
OSV
added 2021/10/19 5:15 p.m. | 10 views

CVE-2021-33988

A Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

CVSS 6.1 | AI score 6.7
Exploits 0 | References 1
OSV
added 2018/02/21 4:29 p.m. | 0 views

CVE-2016-0348

Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813...

CVSS 8 | AI score 5.9
Exploits 0 | References 2
OSV
added 2017/12/07 3:29 p.m. | 1 views

CVE-2017-1433

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803...

CVSS 6.5 | AI score 5.8
Exploits 0 | References 3
myhack58
added 2013/06/13 12:0 a.m. | 14 views

PHP file include vulnerability attack and Defense combat-vulnerability warning-the black bar safety net

Summary: PHP is a very popular Web development language, and many Web applications on the Internet are developed in PHP. In Web applications developed with PHP, the PHP file include vulnerability is a common vulnerability. The use of PHP file include vulnerabilities intrusion website is...

AI score 0.9
Exploits 0
Packet Storm
added 2012/02/19 12:0 a.m. | 19 views

PlumeCMS 1.2.4 Cross Site Request Forgery

Exploit Title : PlumeCMS CSRF Exploit to add and publish News input type="hidden" n...

AI score 1
Exploits 0
NVD
added 2007/10/17 11:17 p.m. | 12 views

CVE-2007-5488

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record...

CVSS 7.5 | AI score 8.4 | EPSS 0.0089
Exploits 3 | References 7