8399 matches found
Xinuo Openserver 5/6 - Cross-Site scripting
Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...
WordPress < 4.8.2 - Authenticated Open Redirect
WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...
EUVD-2026-43089
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-55175
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...
CVE-2026-15086
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-54736
Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first...
CVE-2026-13244
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...
CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-15086
Technical details about CVE-2026-15086 are not publicly available in the provided documents. Monitor for updates from official advisories and vulnerability feeds.
EUVD-2026-43087
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...
CVE-2026-13244 Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...
CVE-2026-13244
CVE-2026-13244 affects the Drupal integration module Tealium iQ Tag Management. The issue arises from how the module stores data in the PHP-serialized field tealiumiq, which can lead to an Object Injection vulnerability when serialized data is unserialized. Affected versions are Tealium iQ Tag Ma...
CVE-2026-57213
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqfederationmanagement plugin renders the consumertag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute...
CVE-2026-57213
RabbitMQ’s rabbitmq_federation_management plugin is vulnerable to stored XSS on the Federation Status page because consumer_tag is rendered without HTML escaping. Prior to the fixed releases (3.13.14, 4.0.19, 4.1.10, 4.2.5), a user who can configure a federation upstream or policy could inject co...
CVE-2026-57213 RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqfederationmanagement plugin renders the consumertag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute...
FTP Fetch, Windows shellcode stage, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Use an established connection Module Options msf use payload/cmd/windows/ftp/x86/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set...
Dword XOR Encoder (Tag-based)
Dword XOR encoder for RISC-V 64-bit Little Endian using a tag-based terminator rather than an encoded length. The decoder loop XORs each dword and stops when the result is zero the sentinel. This avoids encoding the payload length in the stub, eliminating a source of bad character conflicts. Note...
Dword XOR Encoder (Tag-based)
Dword XOR encoder for RISC-V 32-bit Little Endian using a tag-based terminator rather than an encoded length. The decoder loop XORs each dword and stops when the result is zero the sentinel. This avoids encoding the payload length in the stub, eliminating a source of bad character conflicts. Note...
CVE-2026-57167
PeerTube is affected prior to version 8.2.2 by an XSS in server-side rendered video watch pages. The vulnerability arises from embedding a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping , or / characters, allowing a value that includes the closing script tag sequen...
CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...