18 matches found
CVE-2026-40568 FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...
CVE-2026-40568
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...
Mbed TLS -- vulnerabilities
https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...
EUVD-2020-15418
Malware in sbrugna...
EUVD-2009-2367
Malware in sbrugna...
EUVD-2013-5485
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-1000338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject ext...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of SAML response signatures which allows an attacker to inject a malicious, signed XML element as the first signature, bypassing proper verification and enabling impersonation of any SPID or...
CVE-2020-22653
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...
Open-Xchange OX App Suite 跨站脚本漏洞
Open-Xchange OX App Suite is an e-mail and productivity suite client software from the German company Open-Xchange. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and earlier, which stems from the fact that certain content such as E-Mail signatures are stored using a...
GHSA-4VHJ-98R6-424H In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
PT-2018-4636 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3
Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the validation of ASN.1 encoding of signatures. Specifically, it does not fully validate the encoding on verification, allowing potential injection of extra...
CVE-2017-10620
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
Cross site scripting
Cross-site scripting XSS vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature...