18 matches found

OSV
added 2026/05/27 2:10 p.m. | 6 views

USN-8324-1 tika vulnerabilities

It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...

CVSS 9.8 | AI score 6 | EPSS 0.79807
Exploits 6 | References 3
SUSE CVE
added 2026/01/30 12:26 a.m. | 3 views

SUSE CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVSS 5.8 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 13
Tenable Nessus
added 2025/11/07 12:0 a.m. | 3 views

Lexmark Printers Server-Side Request Forgery (CVE-2025-9269)

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. CVSSv4 Base Score 6.9...

CVSS 6.9 | AI score 6.9 | EPSS 0.0031
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-1202

Malware in sbrugna...

CVSS 6 | AI score 6.2 | EPSS 0.03776
Exploits 2 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-6099

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01071
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-45059

Malicious code in bioql PyPI...

CVSS 5 | AI score 5.1 | EPSS 0.004
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 3:54 p.m. | 6 views

CVE-2020-13891

An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022...

CVSS 7.5 | AI score 6.9 | EPSS 0.01071
Exploits 0
Veracode
added 2022/06/10 6:44 a.m. | 27 views

Information Disclosure

guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the modifyRequest function of RedirectMiddleware.php does not properly strip the authorization header or cookie header on a change in host or HTTP downgrade, allowing an attacker to set malicious domains a...

CVSS 7.5 | AI score 7 | EPSS 0.01808
Exploits 0 | References 9 | Affected Software 2
Veracode
added 2022/05/26 4:37 a.m. | 48 views

Cross-domain Cookie Leakage

guzzlehttp/guzzle is vulnerable to cross-domain cookie leakage. The library does not check if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, which allows an attacker to set malicious domains and redirect the victim to harmful third party servers...

CVSS 8.1 | AI score 7.7 | EPSS 0.01239
Exploits 0 | References 6 | Affected Software 2
NVD
added 2022/05/14 10:15 a.m. | 13 views

CVE-2022-1379

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or...

CVSS 9.1 | EPSS 0.01514
Exploits 1 | References 4
Prion
added 2022/05/14 10:15 a.m. | 16 views

Server side request forgery (ssrf)

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or...

CVSS 6.4 | AI score 7.1 | EPSS 0.01514
Exploits 1 | References 4 | Affected Software 2
Github Security Blog
added 2022/04/11 12:0 a.m. | 45 views

Cross-site Scripting in tableexport.jquery.plugin

There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sessions to third-party servers...

CVSS 7.6 | AI score 1.9 | EPSS 0.00702
Exploits 1 | References 4 | Affected Software 1
OSV
added 2022/04/11 12:0 a.m. | 22 views

GHSA-J636-CRP3-M584 Cross-site Scripting in tableexport.jquery.plugin

There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sessions to third-party servers...

CVSS 5.4 | AI score 5.1 | EPSS 0.00702
Exploits 1 | References 4
ATTACKERKB
added 2022/04/10 8:15 p.m. | 3 views

CVE-2022-1291

XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...

CVSS 7.6 | AI score 6.5 | EPSS 0.00702
Exploits 1 | References 3
Cvelist
added 2022/04/10 7:15 p.m. | 17 views

CVE-2022-1291 XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin

XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...

CVSS 7.6 | AI score 5.5 | EPSS 0.00702
Exploits 1 | References 2
The Hacker News
added 2020/12/10 11:0 a.m. | 3 views

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even...

CVSS 10 | AI score 7.7 | EPSS 0.05753
Exploits 2
OSV
added 2020/06/26 5:15 p.m. | 3 views

CVE-2020-13891

An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022...

CVSS 7.5 | AI score 7.1
Exploits 0 | References 1
NVD
added 2020/06/19 2:15 p.m. | 10 views

CVE-2020-14449

An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018...

CVSS 7.5 | EPSS 0.01111
Exploits 0 | References 1