84 matches found
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Utils::parseUrl function, which allowed authenticated users to inject JavaScript through...
Improper Encoding or Escaping of Output
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Utils::parseUrl function during comment rendering. An attacker can execute arbitrary JavaScript in the...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection
A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...
OSV-2026-209 Use-of-uninitialized-value in ntrip_parse_url
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482281265 Crash type: Use-of-uninitialized-value Crash state: ntripparseurl FuzzClient.c...
MiracleLinux 7 : php-5.4.16-48.0.7.el7.AXS7 (AXSA:2025-10750:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10750:06 advisory. CVE-2025-1220: error if host contains null bytes in the middle of the string CVEs: CVE-2025-1220 In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3...
EUVD-2022-5923
Malicious code in bioql PyPI...
EUVD-2022-5979
Malicious code in bioql PyPI...
EUVD-2022-6852
Malicious code in bioql PyPI...
EUVD-2022-6083
Malicious code in bioql PyPI...
EUVD-2022-6127
Malicious code in bioql PyPI...
AZL-65250 CVE-2025-1220 affecting package php for versions less than 8.1.33-1
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...
UBUNTU-CVE-2025-1220
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...
SUSE CVE-2025-1220
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...
CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-2218
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2216
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2900
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...