17 matches found

Positive Technologies
added 2026/05/27 12:0 a.m. | 9 views

PT-2026-44155

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

CVSS 8.4 | AI score 5.9 | EPSS 0.00062
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-0482

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.01581
Exploits: 1 | References: 7
OpenVAS
added 2025/05/26 12:0 a.m. | 6 views

Fedora: Security Advisory (FEDORA-2024-ae2925c3ae)

The remote host is missing an update for the...

CVSS 8.7 | AI score 7.9 | EPSS 0.02507
Exploits: 4 | References: 29
SUSE CVE
added 2023/02/15 6:5 a.m. | 2 views

SUSE CVE-2009-0499

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php...

CVSS 6.4 | AI score 7.2 | EPSS 0.00689
Exploits: 0 | References: 4
CNNVD
added 2022/06/28 12:0 a.m. | 2 views

silverstripe framework cross-site scripting vulnerability

silverstripe framework is a set of CMS website frameworks. A security vulnerability exists in silverstripe framework version 2022-04-07 and earlier versions. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the XMLHttpRequest (XHR) javascript link tag...

CVSS 5.4 | AI score 5.5 | EPSS 0.00472
Exploits: 0 | References: 4
OSV
added 2022/05/02 5:15 a.m. | 2 views

CVE-2022-29969

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true...

CVSS 6.1 | AI score 5.8 | EPSS 0.00666
Exploits: 1 | References: 2
OSV
added 2022/05/02 5:15 a.m. | 1 views

UBUNTU-CVE-2022-29969

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true...

CVSS 6.1 | AI score 6.4 | EPSS 0.00666
Exploits: 1 | References: 2
NVD
added 2022/01/18 12:15 p.m. | 8 views

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 8.8 | EPSS 0.01581
Exploits: 1 | References: 3
Prion
added 2022/01/18 12:15 p.m. | 20 views

Deserialization of untrusted data

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

CVSS 6.8 | AI score 8.8 | EPSS 0.01581
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2022/01/18 11:15 a.m. | 71 views

CVE-2021-45394

CVE-2021-45394 affects Spipu HTML2PDF prior to 5.2.4. Attackers can trigger deserialization of arbitrary data by injecting a malicious tag into the HTML being converted. Impact is described as a deserialization issue; no explicit exploit details provided beyond that. Mitigation: upgrade to versi...

CVSS 8.8 | AI score 8.8 | EPSS 0.01581
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2022/01/18 12:0 a.m. | 2 views

Spipu Html2Pdf code issue vulnerability

Spipu Html2Pdf is an open source HTML-to-PDF converter written in PHP by French developer Laurent Minguet. Spipu HTML2PDF has a code issue vulnerability in versions prior to 5.2.4, where an attacker can trigger deserialization of arbitrary data by injecting malicious link tags into...

CVSS 8.8 | AI score 8.3 | EPSS 0.01581
Exploits: 1 | References: 4
Circl
added 2018/05/29 3:50 p.m. | 3 views

CVE-2011-10027

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/aoldesktoplinktag.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVSS 8.4 | AI score 5.7 | EPSS 0.00476
Exploits: 0 | References: 1
Packet Storm
added 2015/06/17 12:0 a.m. | 55 views

4images 1.7.11 File Inclusion

| Title : 4images 1.7.11 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by 4images 1.7.11 | Tested on: windows 8.1 Français V.Pro | Download : http://www.4homepages.de/ ======================================= Host Header Attack : Vulnerability...

AI score 7.4
Exploits: 0
RedHat Linux
added 2015/04/07 3:8 p.m. | 3 views

kernel: isofs: unbound recursion when processing relocated directories

It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...

CVSS 4 | AI score 6.7 | EPSS 0.00505
Exploits: 1 | References: 4
RedHat Linux
added 2014/09/29 7:41 p.m. | 3 views

kernel: isofs: unbound recursion when processing relocated directories

It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...

CVSS 4 | AI score 6.6 | EPSS 0.00505
Exploits: 1 | References: 4
RedHat Linux
added 2007/03/14 5:2 a.m. | 2 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS 6.8 | AI score 6.2 | EPSS 0.03209
Exploits: 1 | References: 4
Cvelist
added 2005/04/03 5:0 a.m. | 15 views

CVE-2005-0945

Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags...

AI score 5.7 | EPSS 0.01736
Exploits: 1 | References: 4