Lucene search

6665 matches found

OSV
added 2025/10/10 11:46 p.m., 5 views

GHSA-37J7-FG3J-429F Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

CVSS 10, AI score 7.5, EPSS 0.00599
Exploits 0, References 6

Github Security Blog
added 2025/10/10 11:46 p.m., 18 views

Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

CVSS 7.2, AI score 7.5, EPSS 0.00599
Exploits 0, References 6, Affected Software 1

Snyk
added 2025/10/10 11:41 p.m., 3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the X-Forwarded-Host header when using the Astro.url property without validation. An attacker c...

CVSS 7.3, AI score 6.9, EPSS 0.00386
Exploits 1, References 2

Snyk
added 2025/10/10 11:41 p.m., 3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the X-Forwarded-Host header when using the...

CVSS 7.3, AI score 6.9, EPSS 0.00386
Exploits 1, References 2

Github Security Blog
added 2025/10/10 11:41 p.m., 9 views

Astro's `X-Forwarded-Host` is reflected without validation

Summary When running Astro in on-demand rendering mode using an adapter such as the node adapter it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property as there is no validation that the value is safe. Details Astro reflects th...

CVSS 6.5, AI score 7, EPSS 0.00386
Exploits 1, References 5, Affected Software 1

OSV
added 2025/10/10 11:41 p.m., 4 views

GHSA-5FF5-9FCW-VG88 Astro's `X-Forwarded-Host` is reflected without validation

Summary When running Astro in on-demand rendering mode using an adapter such as the node adapter it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property as there is no validation that the value is safe. Details Astro reflects th...

CVSS 6.5, AI score 7, EPSS 0.00386
Exploits 1, References 5

NVD
added 2025/10/10 8:15 p.m., 5 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, EPSS 0.00386
Exploits 1, References 2

Cvelist
added 2025/10/10 7:34 p.m., 8 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, EPSS 0.00386
Exploits 1, References 2

Fedora
added 2025/10/10 1:4 a.m., 5 views

[SECURITY] Fedora 41 Update: webkitgtk-2.50.0-2.fc41

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 9.8, AI score 6.8, EPSS 0.00952
Exploits 0

Positive Technologies
added 2025/10/10 12:0 a.m., 6 views

PT-2025-41594

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.3.1 Description The application does not properly sanitize user input in the "Bill To" address field within the estimate module. This allows for the injection of arbitrary HTML that is rendered without escaping in...

CVSS 8.3, AI score 6.9, EPSS 0.00307
Exploits 0, References 6

NVD
added 2025/10/09 9:15 p.m., 5 views

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVSS 5.5, EPSS 0.00196
Exploits 0, References 2

CVE
added 2025/10/09 7:18 a.m., 46 views

CVE-2025-11539

Grafana Image Renderer (grafana-image-renderer) is affected by an ARBITRARY FILE WRITE leading to remote code execution via /render/csv, where a lack of validation of filePath allows saving a shared object to an arbitrary location loaded by Chromium. Affected versions are 1.0.0 through 4.0.16. Ex...

CVSS 9.9, AI score 8, EPSS 0.0058
Exploits 0, References 2

RedhatCVE
added 2025/10/07 6:27 p.m., 3 views

CVE-2025-53354

NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting XSS when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...

CVSS 6.1, AI score 6.1, EPSS 0.00184
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-7987

Malware in sbrugna...

CVSS 8.6, AI score 8.8, EPSS 0.01085
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-1030

Malware in sbrugna...

CVSS 7.2, AI score 6, EPSS 0.0041
Exploits 2, References 11

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0807

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.01689
Exploits 1, References 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-7793

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00707
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2004-1054

Malware in sbrugna...

CVSS 6.4, AI score 5.5, EPSS 0.03268
Exploits 0, References 15

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-11959

Malware in sbrugna...

CVSS 8.8, AI score 8.1, EPSS 0.01977
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2014-1584

Malware in sbrugna...

CVSS 9.1, AI score 7.9, EPSS 0.0427
Exploits 1, References 22