37 matches found
CVE-2026-33393
Discourse contains a vulnerability in the spam protection check for allowed_spam_host_domains. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the check used String#end_with? without domain boundary validation, permitting a suffix-bypass such as attacker-example.com when example.com wa...
CVE-2021-47917
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
EUVD-2021-34754
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000875)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000875 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001826)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001826 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002188)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002188 advisory. The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002312 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...
EUVD-2024-21926
Malicious code in bioql PyPI...
webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl
A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside...
CVE-2024-24507
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component...
Act-On Security Vulnerability
Act-On is an email marketing automation platform for businesses from Act-On, Inc. in the United States. A security vulnerability exists in Act-On version 2023. A remote attacker can exploit the vulnerability to execute arbitrary code via the newUser parameter in the login.jsp component...
PT-2024-20427 · Act-On · Act-On
Name of the Vulnerable Software and Affected Versions: Act-On version 2023 Description: The issue allows a remote attacker to execute arbitrary code via the newUser parameter in the "login.jsp" component. This enables the attacker to perform Cross Site Scripting attacks. Recommendations: For Act-...
CVE-2024-24507
Act-On (v2023) is affected by a Cross Site Scripting vulnerability in the login.jsp component, exploitable via the newUser parameter. The issue enables a remote attacker to execute arbitrary code through XSS. The vulnerability is documented across multiple sources (Act-On context; login.jsp; newU...
Cross site scripting
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not ...
statbank.dk XSS vulnerability
Vulnerable URL: https://www.statbank.dk/statbank5a/NewUser/testregister.asp?PLanguage=0
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1475530
VIP website status:| No
Check...