
1467 matches found

CVE
added 2025/03/13 4:55 p.m. · 117 views

CVE-2025-27107

CVE-2025-27107 affects Integrated Scripting in Integrated Dynamics for Minecraft servers. The vulnerability allows arbitrary code execution by abusing Java reflection on a thrown exception to escape the JavaScript sandbox in IntegratedScripting’s Variable Cards, enabling an attacker with card cre...

CVSS 9.4 · AI score 7 · EPSS 0.00447
Exploits 0 · References 3

CNNVD
added 2025/03/13 12:0 a.m. · 1 views

IntegratedScripting injection vulnerability

IntegratedScripting is a Cyclops open source for creating scripts for handling complex operations in integrated dynamics. IntegratedScripting suffers from an injection vulnerability that stems from escaping the JavaScript sandbox via Java reflection on a thrown exception object to construct...

CVSS 9.4 · AI score 8.2 · EPSS 0.00447
Exploits 0 · References 4

RedhatCVE
added 2025/02/13 9:21 a.m. · 7 views

CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1 (GOT1000) versions 1.325P and prior, GT Designer3 Version1 (GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M...

CVSS 9.8 · AI score 9.5 · EPSS 0.0397
Exploits 0 · References 1

OSV
added 2025/02/08 12:33 p.m. · 4 views

OESA-2025-1092 infinispan security update

Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...

CVSS 8.8 · AI score 6.8 · EPSS 0.00882
Exploits 0 · References 2

RedhatCVE
added 2025/02/06 3:59 a.m. · 19 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

CVSS 9.1 · AI score 6.8 · EPSS 0.00169
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 12:6 a.m. · 7 views

CVE-2022-47153

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS. This issue affects Jobeleon Theme: from n/a through 1.9.1...

CVSS 7.1 · AI score 8.6 · EPSS 0.00175
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 6:26 a.m. · 4 views

CVE-2024-5749

Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials...

CVSS 7.5 · AI score 6.9 · EPSS 0.00364
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:42 a.m. · 3 views

CVE-2024-49632

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senthil Vel CWD 3D Image Gallery cwd-3d-image-gallery allows Reflection Injection. This issue affects CWD 3D Image Gallery: from n/a through = 1.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00176
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 11:2 p.m. · 10 views

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8 · AI score 7.9 · EPSS 0.69506
Exploits 1 · References 1

Hacker One
added 2025/01/31 7:14 p.m. · 1759 views

XVIDEOS: Error Page Content Spoofing or Text Injection

The content spoofing vulnerability on multi.xnxx.com allowed arbitrary text to be injected into error pages. The injected content was reflected back to users under the trusted domain, which could have been exploited for social engineering attacks...

AI score 7.2
Exploits 0

Positive Technologies
added 2025/01/31 12:0 a.m. · 2 views

PT-2025-4962 · Unknown · Notifikácie.Sk

Name of the Vulnerable Software and Affected Versions: Notifikácie.sk versions n/a through 1.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a Reflected XSS vulnerability. This means th...

CVSS 7.1 · AI score 9.1 · EPSS 0.00112
Exploits 0 · References 3

Veracode
added 2025/01/27 2:57 a.m. · 5 views

Remote Code Execution (RCE)

system.linq.dynamic.core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation and improper access control when handling reflection types and static properties/fields in the System.Linq.Dynamic.Core library, which allows remote access without proper...

CVSS 6.4 · AI score 7.5 · EPSS 0.00217
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-4948 · Cubepm · Cubepm

Name of the Vulnerable Software and Affected Versions: CubePM versions n/a through 1.0. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts in...

CVSS 7.1 · AI score 9 · EPSS 0.00232
Exploits 0 · References 3

Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-5500 · WordPress · Wp Multi Store Locator

Name of the Vulnerable Software and Affected Versions: WP Multi Store Locator versions 2.4.7 and earlier. Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Reflected XSS attacks. This means that an attacker can inject malicious...

CVSS 7.1 · AI score 8.9 · EPSS 0.00183
Exploits 0 · References 5

NVD
added 2025/01/24 5:15 p.m. · 8 views

CVE-2025-24025

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site...

CVSS 6.1 · EPSS 0.00156
Exploits 0 · References 1

CNNVD
added 2025/01/24 12:0 a.m. · 3 views

Coolify security vulnerability

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a cross-site scripting vulnerability that stems from allowing a user to search for tags on a tabbed page, and if the search does not return any results, the query is reflected in an error...

CVSS 6.1 · AI score 6 · EPSS 0.00156
Exploits 0 · References 1

Positive Technologies
added 2025/01/22 12:0 a.m. · 2 views

PT-2025-4959 · Dforms · Dforms

Name of the Vulnerable Software and Affected Versions: dForms versions n/a through 1.0. Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables potential attackers to inject...

CVSS 7.1 · AI score 8.9 · EPSS 0.00344
Exploits 0 · References 3

Snyk
added 2025/01/21 9:30 p.m. · 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure due to improper handling of property access on reflection types and static properties/fields. An attacker can list installed nuget packages' names and versions through attributes and base types they require by...

CVSS 6.9 · AI score 6.9 · EPSS 0.00217
Exploits 0 · References 2

OSV
added 2025/01/21 9:30 p.m. · 11 views

GHSA-4CV2-4HJH-77RX Property reflection in System.Linq.Dynamic.Core

An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allows remote access to properties on reflection types and static properties/fields...

CVSS 6.4 · AI score 6.3 · EPSS 0.00217
Exploits 0 · References 6

Github Security Blog
added 2025/01/21 9:30 p.m. · 16 views

Property reflection in System.Linq.Dynamic.Core

An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allows remote access to properties on reflection types and static properties/fields...

CVSS 6.4 · AI score 6.5 · EPSS 0.00217
Exploits 0 · References 6 · Affected Software 1