25 matches found
CLSA-2026-1778687453 Fix CVE(s): CVE-2026-6735
SECURITY UPDATE: XSS in PHP-FPM status endpoint - debian/patches/CVE-2026-6735.patch: HTML-encode proc.requesturi and tighten querystring entity flags in sapi/fpm/fpm/fpmstatus.c. - CVE-2026-6735...
CLSA-2026-1778603120 Fix CVE(s): CVE-2026-6735
SECURITY UPDATE: XSS in PHP-FPM status endpoint - debian/patches/CVE-2026-6735.patch: HTML-encode proc.requesturi and tighten querystring entity flags in sapi/fpm/fpm/fpmstatus.c. - CVE-2026-6735...
EUVD-2018-0368
Malware in sbrugna...
EUVD-2018-20507
Malware in sbrugna...
EUVD-2022-6180
Malicious code in bioql PyPI...
PT-2025-35161
Name of the Vulnerable Software and Affected Versions: CGI::Simple versions prior to 1.282 Description: CGI::Simple contains an HTTP response splitting flaw that allows HTTP response header injection. This can be exploited to perform reflected cross-site scripting (XSS), open redirect, cache...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
Reverse-Shell-Generator - Hosted Reverse Shell Generator With A Ton Of Functionality
Hosted Reverse Shell generator with a ton of functionality -- great for CTFs Hosted Instance https://revshells.com Features Generate common listeners and reverse shells Automatically copy to clipboard Button to increment the listening port number by 1 URI and Base64 encoding LocalStorage to persi...
CVE-2019-5783
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page...
CVE-2019-5783
CVE-2019-5783 corresponds to an "insufficient validation of untrusted input" vulnerability in Google Chrome’s DevTools prior to version 72.0.3626.81. The flaw enables a remote attacker to perform a Dangling Markup Injection attack by delivering a crafted HTML page, as described in the public CVE ...
CVE-2018-3777
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests...
Authorization
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests...
CVE-2018-3777
CVE-2018-3777 affects the Ruby gem restforce, prior to version 3.0.0. The vulnerability stems from insufficient URI encoding, allowing an attacker to inject arbitrary parameters into Salesforce API requests. Reported impact includes the ability to override HTTP methods via request parameters (e.g...
PT-2018-16195 · Salesforce · Restforce
Name of the Vulnerable Software and Affected Versions: restforce versions prior to 3.0.0 Description: The issue is related to insufficient URI encoding, allowing an attacker to inject arbitrary parameters into Salesforce API requests. This flaw is only exploitable in applications that pass user...
Insufficient URI encoding in restforce
A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...
CVE-2018-8899
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations...