21 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An attacker can execute arbitrary JavaScript in the context...
Server-side Request Forgery (SSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the EPG link processing, which fails to properly validate URLs using the intended isSSRFSafeURL function. An attacker can caus...
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-10655
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-24853 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853
CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...
The vulnerability of Nomad application developers, related to errors in processing hypertext links, allows attackers to compromise the integrity of the protected information.
The vulnerability of Nomad application developers is related to errors in processing hypertext links. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...
The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers targets programming environments such as cPanel & WHM, Plesk, and DirectAdmin, running on Linux operating systems. This vulnerability allows attackers to gain increased privileges.
The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers, as well as for cPanel & WHM, Plesk, and DirectAdmin operating systems on Linux, is related to errors in link processing. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, related to link processing errors, allows attackers to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to errors in link processing. Exploiting this vulnerability allows a malicious actor to escalate their privileges and gain unauthorized access to protected information...
PT-2023-6373 · Wago · Wago
Name of the Vulnerable Software and Affected Versions: Wago products (affected versions not specified). Description: The issue allows a remote attacker with administrative privileges to access files through an undocumented local file inclusion. This access is logged in a different log file than...
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent lies in errors during link processing, which allows attackers to escalate their privileges.
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent is related to errors in handling links. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the Acronis Cyber Protect Home Office backup and recovery software lies in errors during link processing, which allows attackers to escalate their privileges.
The vulnerability of the Acronis Cyber Protect Home Office backup and recovery software is related to errors in handling links. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the Mozilla Firefox browser, related to errors in processing hypertext links, allows a hacker to convert a URL address into a local path and gain unauthorized access to protected information.
The vulnerability of the Mozilla Firefox browser is related to errors in processing hypertext links. Exploiting this vulnerability allows an attacker to convert a URL address into a local path and gain unauthorized access to protected information...
The vulnerability of the McAfee Total Protection antivirus protection, related to errors in processing symbolic links, allows attackers to escalate their privileges.
The vulnerability of the McAfee Total Protection antivirus protection lies in errors in processing symbolic links. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the Firefox browser for Android, related to errors in processing hypertext links, allows attackers to gain access to confidential data.
The vulnerability of the Firefox browser for Android is related to errors in processing hypertext links. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems mobile device lifecycle management system allows attackers to escalate their privileges.
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems lifecycle management system is related to errors in link processing before accessing a file, as well as deserialization of the PendingDynamicLinkData structure from the Intent Extra array with the key...
The vulnerability of the FTP protocol implementation on the StarOS operating system on Cisco ASR 5000 routers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the FTP SFTP protocol implementation on the StarOS operating system of Cisco ASR 5000 routers is related to errors in link processing. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information from a remote location...
libarchive security and bug fix update
3.3.2-7: fix use-after-free in delayed newc link processing (1602575); fix a few obvious resource leaks and strcpy misuses (1602575). 3.3.2-6: fixed use after free in RAR decoder (1700752); fixed double free in RAR decoder (1700753). 3.3.2-5: release bump due to gating (1680768). 3.3.2-4: fix...