21 matches found
EUVD-2026-29368
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
Improper Input Validation
@anthropic-ai/claude-code is vulnerable to Improper Input Validation. The vulnerability is due to an error in command parsing that allows an attacker to bypass the confirmation prompt and trigger execution of untrusted commands by injecting malicious content into a Claude Code context window...
CVE-2025-9642 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS that stems from improper handling of error messages and could lead to malicious content injection and social engineering attacks...
UBUNTU-CVE-2025-7734
An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...
GitLab 跨站脚本漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions prior to...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Tomcat vulnerability (USN-7525-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7525-1 advisory. It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots ...
Rails HTML Sanitizers 跨站脚本漏洞
Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A cross-site scripting vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a cross-site scripting vulnerability under certain configurations that could easily lead to...
CVE-2024-45808
A flaw was found in envoy. Affected versions of envoy may allow malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTEDSERVERNAME field for access loggers. Mitigation Mitigation for this issue is either not availab...
Mattermost: Posts sent via websockets aren't sanitized properly
The posts sent via websockets in the Mattermost application were not properly sanitized, allowing attackers to inject malicious content. The vulnerability enabled the creation of customized permalink embeds and YouTube embeds with arbitrary content, which could lead to denial-of-service issues an...
GHSA-PWGC-W4X9-GW67 changedetection.io Cross-site Scripting vulnerability
Summary Input in parameter notificationurls is not processed resulting in javascript execution in the application Details changedetection.io version: v0.45.21 https://github.com/dgtlmoon/changedetection.io/blob/0.45.21/changedetectionio/forms.pyL226 for serverurl in field.data: if not...
CVE-2023-44294
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially...
CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...
External Control of Assumed-Immutable Web Parameter
Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...
Ghost unauthorized newsletter modification vulnerability
Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...
PT-2022-6734 · Ruby +10 · Cgi +10
Name of the Vulnerable Software and Affected Versions: cgi gem versions 0.1.0.0 through 0.1.0.1 cgi gem versions 0.2.0 through 0.2.1 cgi gem versions 0.3.0 through 0.3.4 Description: The issue is related to HTTP response splitting, which occurs when untrusted user input is inserted into an HTTP...
CVE-2020-1198
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Cross site scripting
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Ruby has an unspecified vulnerability (CNVD-2020-12798)
Ruby is a simple and fast object-oriented object-oriented programming scripting language. An unspecified vulnerability exists in Ruby. An attacker could exploit the vulnerability by inserting line breaks to split headers and inject malicious content to spoof the client...