54 matches found
CVE-2026-30913
Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...
flarum/nicknames extension has display name injection in notification emails (autolink & markdown)
Summary: When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains...
EUVD-2026-10422
flarum/nicknames extension has display name injection in notification emails autolink & markdown...
EUVD-2026-10423
flarum/nicknames extension has display name injection in notification emails autolink & markdown...
GHSA-3C4M-J3G4-HH25 flarum/nicknames extension has display name injection in notification emails (autolink & markdown)
Summary: When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains...
Flarum security vulnerability
Flarum is an open-source forum software developed by Flarum for building communities. There is a security vulnerability in Flarum. This vulnerability arises when the flarum/nicknames extension is enabled, allowing registered users to set their nicknames as strings that can be interpreted by email...
CVE-2026-30913 flarum/nickname: Display name injection in notification emails (autolink & markdown)
Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...
PT-2026-24146
Name of the Vulnerable Software and Affected Versions: Flarum affected versions not specified Description: The Flarum forum software, when used with the flarum/nicknames extension, allows a registered user to set a nickname that email clients may interpret as a hyperlink. This nickname is directly...
WordPress plugin StatCounter – Free Real Time Visitor Stats cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-23873
CVE-2026-23873 affects HustOJ, an open-source online judge (PHP/C++, MySQL/Linux). All versions are vulnerable to CSV/Formula Injection via contest rank export (contestrank.xls.php and admin/ranklist_export.php). User input in fields like Nickname is not sanitized before exporting to an .xls file...
Malicious code in gita-keripik28-riris (npm)
Source: amazon-inspector c98b0b003038cbfdc283836a78f3d9c24979867b4f3c26e8f9fdac250daf6f10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2007-3235
Malware in sbrugna...
EUVD-2008-1925
Malware in sbrugna...
EUVD-2004-1487
Malware in sbrugna...
EUVD-2025-28126
Malicious code in bioql PyPI...
PT-2024-12183 · Skoda · Skoda Automotive Cloud
Name of the Vulnerable Software and Affected Versions: Skoda Automotive cloud affected versions not specified Description: The issue allows attackers to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number, due to a Broken Access...
Skoda Security Breach
Skoda is a line of automobiles from Skoda Inc. A security vulnerability exists in Skoda Automotive that originates from allowing access to user nicknames and identifiers by specifying arbitrary vehicle VIN numbers...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from the inability to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, which can be exploited by...