
44 matches found

Patchstack
added 2026/05/08 6:35 p.m. | 6 views

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

CVSS 9.6 | AI score 6 | EPSS 0.00021
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/04/01 6:16 p.m. | 2 views

DEBIAN-CVE-2026-34446

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00004
Exploits 0 | References 1

RedhatCVE
added 2026/03/26 3:16 p.m. | 1 views

CVE-2026-33070

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

CVSS 4.8 | AI score 6 | EPSS 0.00034
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-2273

Malware in sbrugna...

CVSS 7.1 | AI score 6.8 | EPSS 0.00406
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2006-2902

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00404
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-3316

Malware in sbrugna...

CVSS 9.3 | AI score 6.1 | EPSS 0.00183
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54850

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.3 | EPSS 0.00152
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-24859

Malicious code in bioql PyPI...

CVSS 7 | AI score 6.4 | EPSS 0.00026
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-6260

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00189
Exploits 0 | References 6

Vulnrichment
added 2025/08/25 12:0 a.m. | 1 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

AI score 6.2 | EPSS 0.0004
Exploits 0 | References 2

OSV
added 2025/07/30 3:15 p.m. | 1 views

UBUNTU-CVE-2025-53113

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

CVSS 2.7 | AI score 5.8 | EPSS 0.002
Exploits 0 | References 3

CVE
added 2025/07/30 2:16 p.m. | 25 views

CVE-2025-53113

GLPI contains a permission/authorization bypass in the external links feature. In versions 0.65 through 10.0.18, a technician can use external links to retrieve information about items they do not have rights to see, leading to unauthorized access to sensitive data. This is fixed in version 10.0....

CVSS 2.7 | AI score 6.3 | EPSS 0.002
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/05/23 7:41 a.m. | 3 views

CVE-2024-37545

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS. This issue affects Floating Social Media Links: from n/a through 1.5.2...

CVSS 5.9 | AI score 6.8 | EPSS 0.00093
Exploits 0

RedhatCVE
added 2025/05/22 5:1 p.m. | 5 views

CVE-2020-26763

The Rocket.Chat desktop application 2.17.11 opens external links without user interaction...

CVSS 7.5 | AI score 7 | EPSS 0.00237
Exploits 0

RedhatCVE
added 2025/05/22 4:2 p.m. | 7 views

CVE-2020-0849

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896...

CVSS 7.8 | AI score 6.6 | EPSS 0.00401
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:9 p.m. | 6 views

CVE-2020-0789

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'...

CVSS 7.1 | AI score 6.8 | EPSS 0.00304
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 6:57 p.m. | 3 views

CVE-2005-3697

Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php...

CVSS 7.5 | AI score 7.3 | EPSS 0.00572
Exploits 0 | References 1

Mozilla
added 2025/04/15 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Thunderbird ESR 128.9.2 — Mozilla

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

CVSS 6.4 | AI score 6 | EPSS 0.00106
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2025/03/09 10:31 p.m. | 11 views

CVE-2025-2131 dayrui XunRuiCMS Friendly Links cross site scripting

A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. Th...

CVSS 4.8 | EPSS 0.00082
Exploits 1 | References 4

RedhatCVE
added 2025/02/26 3:31 p.m. | 12 views

CVE-2025-27335

Cross-Site Request Forgery CSRF vulnerability in Free plug in by SEO Roma Auto Tag Links auto-tag-links allows Cross Site Request Forgery. This issue affects Auto Tag Links: from n/a through = 1.0.13...

CVSS 4.3 | AI score 7.2 | EPSS 0.00095
Exploits 0 | References 1