23 matches found
CVE-2026-33261
CVE-2026-33261 describes a denial of service triggered by a zone transition from NSEC to NSEC3, linked to a null pointer access in the aggressive NSEC(3) cache. The description from CVE records (Vuln NLP) indicates that an internal inconsistency during the NSEC/NSEC3 transition can lead to DoS. The conne...
XSS-Lab-Handson-3-TI-WEB2
Name: Ronald Saut Manurung Student ID (NIM): 2481022 Study program: Tekni...
davids-xss-attack-defense
XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...
davids-xss-lab
XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...
PT-2026-6588
Name of the Vulnerable Software and Affected Versions: P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 Description: P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 are affected by a stored cross-site scripting issue. Input provided to various GET/POST parameters is not adequately sanitized...
Phoca Commander, various,
Update to the latest secure version: https://www.phoca.cz/news/1384-phoca-commander-version-5-0-2-and-4-0-1-released...
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package
Impact: The Heartcore headless client library depends on Refit to assist in making HTTP requests to Heartcore public APIs. Refit recently published an advisory regarding a CRLF injection vulnerability whereby it is possible for a malicious user to smuggle additional headers or potentially body...
CVE-2025-21617
CVE-2025-21617 affects the Guzzle OAuth Subscriber (PHP) where Nonce generation in OAuth 1.0 authentication did not use sufficient entropy or a cryptographically secure PRNG prior to version 0.8.1. The issue enables potential replay attacks when TLS is not used. The vulnerability is fixed in 0.8....
PT-2024-12016 · Google · Google My Business
Name of the Vulnerable Software and Affected Versions: Reviews and Rating – Google My Business versions n/a through 4.14 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This problem can be...
CVE-2022-31155 Unauthorized overwriting of saved searches in Sourcegraph
Sourcegraph is an open-source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...
CVE-2021-3198 Ivanti MobileIron Core clish Restricted Shell Escape via OS Command Injection
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0...
WordPress Plugin Podlove Podcast Publisher Cross Site Scripting and SQL Injection Vulnerabilities
The second plugin that will be dissected is called Podlove Publisher, a WordPress plugin to manage podcasts. It suffered from multiple SQL injection and cross-site scripting vulnerabilities, funnily enough also in a parameter named tab; these are fixed by now. The SQL injections were all caused by...
SOL17172 - OpenJDK vulnerability CVE-2015-2638
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
Denial of Service attack through vulnerable Xerces-J library
Quote: There is a WebDAV endpoint that is accessible via the following URL - https://pwnie.ninja/confluence/plugins/servlet/confluence/default . It is possible to pass XML as data for a PROPFIND request. The following Python code will generate XML with a long pseudo-attribute name that exploits CVE-2013-4002...
SOL16396 - GnuPG vulnerability CVE-2013-4576
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL16398 - Python vulnerability CVE-2006-4980
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15900 - Apache HTTP server vulnerability CVE-2012-3499
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL15388 - OpenSSL vulnerability CVE-2011-4108
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP 11.x To...
SOL15160 - GnuTLS vulnerability CVE-2014-0092
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. For affected ARX...
Omni-Secure 5 / 6 / 7 Remote File Disclosure
Omni-Secure versions 5, 6, and 7 suffer from a remote file disclosure vulnerability. Remote File Disclosure "Omni-secure" version 5 / 6 / 7 Viva Egypt & Grief and sorrow for the disaster Assiut, fUCK U QANDIL Greetz to : EL MOGHAZY & EL Mery Author:Mohamed Gaber "HackerEgy in the paste : " email...