Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An attacker can execute arbitrary JavaScript in the context...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the EPG link processing, which fails to properly validate URLs using the intended isSSRFSafeURL function. An attacker can caus...

CVE-2026-25185

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-10655

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-25185

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-25185

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-24853

CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...

CVE-2025-24853 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing

A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...

PT-2023-6373 · Wago · Wago

Name of the Vulnerable Software and Affected Versions: Wago products affected versions not specified Description: The issue allows a remote attacker with administrative privileges to access files through an undocumented local file inclusion. This access is logged in a different log file than...

libarchive security and bug fix update

3.3.2-7 - fix use-after-free in delayed newc link processing 1602575 - fix a few obvious resource leaks and strcpy misuses 1602575 3.3.2-6 - fixed use after free in RAR decoder 1700752 - fixed double free in RAR decoder 1700753 3.3.2-5 - release bump due to gating 1680768 3.3.2-4 - fix...