17 matches found

Cvelist
added 2026/05/21 1:1 p.m. | 39 views

CVE-2025-71210

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

CVSS 9.8 | EPSS 0.00552
Exploits: 0 | References: 2
CNNVD
added 2026/03/31 12:0 a.m. | 4 views

Parse Server access control error vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 8.6.66 and 9.7.0-alpha.10 contain an access control vulnerability. This vulnerability stems from the GraphQL API endpoints not...

CVSS 8.8 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 5
OSV
added 2025/10/16 9:15 a.m. | 2 views

CVE-2025-0277

HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-12635

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.1 | EPSS 0.00048
Exploits: 0 | References: 4
CVE
added 2025/06/04 4:32 p.m. | 124 views

CVE-2025-2336

CVE-2025-2336 concerns AngularJS ngSanitize: an improper sanitization flaw allows bypassing image source restrictions via the href and xlink:href attributes in SVG elements. The root cause is inadequate sanitization, which can lead to Content Spoofing and potentially degrade application performa...

CVSS 4.8 | AI score 6.7 | EPSS 0.00198
Exploits: 0 | References: 4
Veracode
added 2025/05/09 3:53 a.m. | 9 views

Content Spoofing

AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...

CVSS 4.8 | AI score 6.6 | EPSS 0.00048
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/04/29 5:15 p.m. | 4 views

CVE-2025-0716

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

CVSS 4.8 | AI score 6.5 | EPSS 0.00048
Exploits: 0 | References: 2
Debian CVE
added 2025/04/29 4:26 p.m. | 4 views

CVE-2025-0716

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

CVSS 4.8 | AI score 6 | EPSS 0.00048
Exploits: 0
RedhatCVE
added 2025/04/28 2:59 p.m. | 8 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.8 | AI score 4.9 | EPSS 0.00018
Exploits: 1 | References: 4
Veracode
added 2024/09/10 1:9 p.m. | 8 views

Content Spoofing

angular is vulnerable to Content Spoofing. The vulnerability is caused by improper sanitization of the value of the srcset attribute. This allows attackers to bypass common image source restrictions, leading to a form of Content Spoofing...

CVSS 4.8 | AI score 6.6 | EPSS 0.00018
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2024/09/09 3:30 p.m. | 23 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

CVSS 4.8 | AI score 6.5 | EPSS 0.00013
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2024/09/09 3:15 p.m. | 2 views

DEBIAN-CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.3 | AI score 6.8 | EPSS 0.00018
Exploits: 1 | References: 1
NVD
added 2024/09/09 3:15 p.m. | 12 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.8 | EPSS 0.00018
Exploits: 1 | References: 4
Prion
added 2021/11/24 4:15 p.m. | 10 views

Server side request forgery (ssrf)

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

CVSS 6 | AI score 8.9 | EPSS 0.00226
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2014/04/29 12:0 a.m. | 1 view

UBUNTU-CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

CVSS 8.8 | AI score 7.2 | EPSS 0.01321
Exploits: 1 | References: 5
NVD
added 2014/01/15 4:8 p.m. | 10 views

CVE-2013-6398

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request...

CVSS 2.8 | AI score 6.5 | EPSS 0.00989
Exploits: 0 | References: 7
Prion
added 2014/01/15 4:8 p.m. | 10 views

Cross site request forgery (csrf)

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request...

CVSS 2.8 | AI score 7.1 | EPSS 0.00989
Exploits: 0 | References: 7 | Affected Software: 1