15 matches found
NPM: Electerm users can run dangerous code through link or command line
NPM: Electerm users can run dangerous code through link or command line vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, 3.8.8...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-52353
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...
CVE-2021-42552
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I...
GHSA-Q9JV-MM3R-J47R PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
Bypass XSS sanitizer using the javascript protocol and special characters Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0:...
CVE-2023-51071
An access control issue in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link...
PT-2022-6496 · Apache · Apache Openoffice +1
Name of the Vulnerable Software and Affected Versions: Apache OpenOffice affected versions not specified Description: The issue is related to the execution of links in Apache OpenOffice documents that can call internal macros with arbitrary arguments. Several URI Schemes are defined for this...
CVE-2020-15258
In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The...
SuSE 10 Security Update : KDE PIM packages (ZYPP Patch Number 6160)
This update of KMail no longer executes links in mail without confirmation.
openSUSE Security Update : kdepim3 (kdepim3-770)
This update of KMail no longer executes links in mail without confirmation. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update kdepim3-770.
openSUSE Security Update : kde4-akonadi (kde4-akonadi-806)
This kdepim4 and kdepimlibs4 update fixes lots of bugs and one security issue: KMail 4.1.x executes links in mail without confirmation (no CVE assigned yet). It also fixes lots of non-security bugs: kdepim4: - kdepim: make sure we initially create items for subresources - kdepim: fix...
Sambar Server 5.x/6.0/6.1 - Server Referer Cross-Site Scripting
source: https://www.securityfocus.com/bid/13722/info Sambar Server administrative interface does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed...
Microsoft ASP.NET 1.01.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12574/info It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues arise when ASP.NET converts Unicode characters ranging fr...
PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/5939/info phpReactor is prone to cross-site scripting attacks. An attacker may create a malicious link to a phpReactor site which contains malicious HTML and script code. If this link is visited by a...
Apple Mac OSX 10.2 - Terminal.APP Telnet Link Command Execution
source: https://www.securityfocus.com/bid/5768/info Mac OS X is the BSD-based operating system distributed and maintained by Apple. It has been discovered that some types of links, when clicked on, may result in the execution of...