1921 matches found
Salvo is vulnerable to reflected XSS in the list_html function
Summary: The function list_html generates a file view of a folder which includes a render of the current path, which is inserted in the HTML without proper sanitization, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...
CVE-2025-67931
Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data. This issue affects BulletProof Security: from n/a through <= 6.9...
CVE-2019-16950
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript...
CVE-2025-68014
Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data. This issue affects AweBooking: from n/a through <= 3.2.26...
CVE-2025-68033
The CVE-2025-68033 entry concerns Custom Related Posts (Brecht) for WordPress, affecting versions up to 1.8.0. It is an Unauthenticated Information Exposure vulnerability described as Insertion of Sensitive Information Into Sent Data, enabling retrieval of embedded sensitive data. Wordfence detai...
CVE-2025-59003
Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data. This issue affects ColorWay: from n/a through <= 4.2.3...
CVE-2025-62126
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data. This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3...
CVE-2025-59136
Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data. This issue affects Gerencianet Oficial: from n/a through <= 3.1.3...
CVE-2025-62126
CVE-2025-62126 affects Varnish/Nginx Proxy Caching (versions from n/a up to 1.8.3). Root cause: Insertion of Sensitive Information Into Sent Data, enabling exposure of embedded sensitive data via the proxy. Impact: sensitive information exposure via cached responses. Exploit details are not provi...
EUVD-2025-206012
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Retrieve Embedded Sensitive Data. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3...
SUSE CVE-2023-54224
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items. When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the...
PT-2025-54345
Name of the Vulnerable Software and Affected Versions: Vladimir Statsenko Terms descriptions versions through 3.4.9. Description: A flaw exists in Vladimir Statsenko Terms descriptions that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data...
PT-2025-54328
Name of the Vulnerable Software and Affected Versions: Inkthemescom Black Rider versions through 1.2.3. Description: An issue exists in Inkthemescom Black Rider that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations: Update to a...
PT-2025-54357
Name of the Vulnerable Software and Affected Versions: Efí Bank Gerencianet Oficial versions through 3.1.3. Description: An issue exists in Efí Bank Gerencianet Oficial that allows retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Upda...
PT-2025-54365
Name of the Vulnerable Software and Affected Versions: Varnish/Nginx Proxy Caching versions through 1.8.3. Description: A flaw exists in Varnish/Nginx Proxy Caching that allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations...
CVE-2024-58315 Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path
Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorize...
CVE-2023-54224
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items. When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the...
EUVD-2025-205747
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data. This issue affects Contact Form 7 Extension For Mailchimp: from n/a through <= 0.9.49...
CVE-2023-54224 btrfs: fix lockdep splat and potential deadlock after failure running delayed items
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items. When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the...
CVE-2025-68989
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data. This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68...