Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...
CVE-2026-28492
File Browser CVE-2026-28492 affects the File Browser file-management interface. Before v2.61.0, the withHashFile middleware uses filepath.Dir(link.Path) to determine BasePathFs, causing the filesystem root to be set to the parent directory of a public share rather than the share itself. This allo...
CVE-2026-28492
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...
DEBIAN-CVE-2026-28350
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2025-29165
An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component...
CVE-2026-28350
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-26194
creationtimestamp | type | source
---|---|---
2026-03-05 20:00:34+00:00 | seen | https://bsky.app/profile/flarestart.bsky.social/post/3mgdlluyxax24
2026-05-29 16:00:06+00:00 | seen | https://t.me/truesecator/8260...
CVE-2026-28115
creationtimestamp | type | source
---|---|---
2026-03-05 19:33:30+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgdk3hvnwq2t...
CVE-2026-24457
creationtimestamp | type | source
---|---|---
2026-03-05 19:33:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgdk3bgqqg2c...
CVE-2026-20102
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive,...
CVE-2026-20149
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this...
GHSA-XRCR-GMF5-2R8J Gogs: Stored XSS via data URI in issue comments
Summary: A Stored Cross-site Scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. Details: The...
CVE-2025-70232
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter...
CVE-2025-70233
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...
CVE-2025-70231
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...
CVE-2025-70230
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS...
CVE-2025-70229
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule...