5777 matches found
PT-2026-27777
Name of the Vulnerable Software and Affected Versions Support Board version 3.7.7 Description A Reflected Cross Site Scripting XSS issue exists in Support Board. This allows an attacker to execute JavaScript code in a user's browser. The attack vector involves sending a malicious URL to a victim,...
PT-2026-27991
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.7 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An authenticated user could execute arbitrary JavaScript in a user's browser. This is due to improper...
Authorization Bypass Through User-Controlled Key
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ClickNLoad feature. An attacker can gain unauthorized access to endpoints intended for localhost by...
CVE-2026-33511
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
Summary PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate correctly enforces the security.allowEvaluate guard, which is disabled by default. Howeve...
GHSA-W5PC-M664-R62V A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
Summary PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate correctly enforces the security.allowEvaluate guard, which is disabled by default. Howeve...
CVE-2026-33511
CVE-2026-33511 concerns pyload-ng/pyLoad where the local_check decorator in the ClickNLoad feature can be bypassed via HTTP Host header spoofing, enabling unauthenticated remote access to localhost‑restricted endpoints and allowing injection of arbitrary downloads, file writes to the storage dire...
CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33511
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
EUVD-2026-15001
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
PT-2026-27629
Name of the Vulnerable Software and Affected Versions PinchTab versions 0.8.3 through 0.8.5 Description PinchTab versions 0.8.3 through 0.8.5 contain a security bypass that allows arbitrary JavaScript execution through the POST /wait and POST /tabs/id/wait API endpoints when using fn mode, even i...
PT-2026-27492
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local check decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-33517
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...
CVE-2026-32852
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-33548
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...
CVE-2026-33517
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...
CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...
PT-2026-27182
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions prior to 2.28.1 Description Mantis Bug Tracker is an open source issue tracker. A flaw exists in version 2.28.0 where improper escaping of a tag name during the display of a confirmation message when deleting a tag...