14 matches found
EUVD-2025-35820
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...
EUVD-2018-10341
Malware in sbrugna...
EUVD-2024-53723
Malicious code in bioql PyPI...
CVE-2024-57725
An issue in the Arcadyan Livebox Fibra PRV3399BBLT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint...
CVE-2023-36085
sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to...
CVE-2022-20863
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character...
CVE-2020-4125
Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information...
Unspecified Vulnerability in Softaculous Virtualizor WHMCS Module
Softaculous is a tool that assists customers in quickly installing web programs. A security vulnerability in the WHMCS Reseller module in Softaculous Virtualizor prior to version 2.9.1.0 allows an attacker to take control of other virtual machines managed by Virtualizor by accessing a modified UR...
BSNL Teracom Router Firmware Rewrite / Link Modification
Multiple Vulnerabilities in TERACOM ROUTER Author: Ajay Gowtham aka AJOXR Contact: gowtham.ajay5 at gmail.com Vulnerability Type: Insecure Upload File Permissions Affected Module: Upload Functionality Criticality: Medium Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...
CVE-2016-2784
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request...
TYPO3 URL Arbitrary Domain Modification Vulnerability
TYPO3 is an open source content management system (CMS) and content management framework (CMF). TYPO3 suffers from a URL Arbitrary Domain Modification vulnerability that allows remote attackers to alter URL links to arbitrary domains via unknown vectors...
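Stored XSS in the php云 Q&A feature
Brief description: Requires active triggering. Details: http://www.hr135.com/ask/index.php Test address: http://www.hr135.com/ask/index.php?c=content&id=162 Hyperlink written: javascriptalert1 &NewLine is a named character entity newly added in HTML5. A tool such as Firebug is used to modify the link name to make it more deceptive. JS triggered successfully. The follow-up question feature is used to add another hyperlink: javascriptalertdocument.cookie The cookie pops up successfully. Proof of vulnerability:...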
CVE-2001-1172
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file...
CVE-1999-1317
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the ?? object folder using a different case letter (upper or lower) to point to a different device...