64 matches found
CVE-2026-45011
ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...
CVE-2026-45745
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...
SUSE CVE-2026-27730
esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh's /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...
CVE-2024-41808
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
EUVD-2024-0448
Malicious code in bioql PyPI...
CVE-2025-53924
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into the siteurl parameter...
CVE-2025-53925
CVE-2025-53925 affects Emlog up to version 2.5.17. A cross-site scripting (XSS) flaw exists in the file upload functionality that lets an authenticated user upload an SVG containing JavaScript, which can be executed in the victim’s context. The root cause is insufficient handling/cleanup of uploa...
CVE-2023-42443
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted,...
Multiple rtmpdump vulnerabilities
The version of rtmpdump contained in this package has multiple known vulnerabilities. Patches: This package is abandoned and should not be used anymore. There is no patched release. Workarounds: You should install rtmpdump from another source. References...
PT-2025-6216 · Rtmpdump · Rtmpdump
Name of the Vulnerable Software and Affected Versions: rtmpdump (affected versions not specified). Description: The version of rtmpdump contained in the package has multiple known issues. There is no patched release available. It is recommended to install rtmpdump from another source. Recommendation...
WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Chaty plugin (versions <= 2.8.3). Solution: No patched version is available...
santacecilia.it XSS vulnerability
Vulnerable URL: http://www.santacecilia.it/paginediservizio/esitoRicercaSito.html?query=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...
sdchamber.org Open Redirect vulnerability
Vulnerable URL: https://sdchamber.org/?adsclick=1=5743-5742-5739-4799-1=42e94ba4c5=https%3A%2F%2Fopenbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 06.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 1420174...
barrierefrechheit.de XSS vulnerability
Vulnerable URL: http://barrierefrechheit.de/search?q=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 03.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank...
aerotec.info XSS vulnerability
Vulnerable URL: https://www.aerotec.info/index.php/component/content/article?id=article=2010241%27%3E%3Csvg/onload=prompt/openbugbounty/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
camp.cz Open Redirect vulnerability
Vulnerable URL: http://www.camp.cz/redirect.ashx?src=DETAIL=www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 699651 VIP website status:| No Coordinate...
leprosy-information.org Open Redirect vulnerability
Vulnerable URL: https://www.leprosy-information.org/sites/all/modules/patched/pubdlcnt/pubdlcnt.php?file=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed...
remember.org XSS vulnerability
Vulnerable URL: http://remember.org/auschwitz/bir.php?id=13'"12 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 23.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 499750 VIP website status:| No Coordinated Disclosure Timeline:...
online24.pt XSS vulnerability
Vulnerable URL: https://www.online24.pt/?s=%22%3E%3CimG%2FsRc%3Dl+oNerrOr%3Dprompt%27OPENBUGBOUNTY%27+x%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 452665 VIP website status:...
rwd.hk XSS vulnerability
Vulnerable URL: http://www.rwd.hk/search/%22%3E%3Csvg%20onload%3Dalert%22OPENBUGBOUNTY%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 20.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 214161 VIP website status:| No Coordinat...