FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...

PT-2026-45801

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

PT-2026-39445

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Improper sanitation of user data allows an attacker to compose a URL that executes arbitrary...

CVE-2025-57881

A reflected cross-site scripting xss vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-55071

A reflected cross-site scripting xss vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54852

A reflected cross-site scripting xss vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54814

MedDream PACS Premium 7.3.6.870 contains a post-auth reflected XSS in Pacs/modifyAutopurgeFilter.php via the key URL parameter. A crafted URL can cause arbitrary JavaScript execution in the affected web output. Talos reports the vulnerability as TALOS-2025-2261 (CVE-2025-54814) with CVSSv3.1 6.1 ...

CVE-1999-0222

Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL...

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Summary The /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...

EUVD-2009-2992

Malware in sbrugna...

EUVD-2016-5767

Malware in sbrugna...

EUVD-2014-0057

Malware in sbrugna...

EUVD-2020-7845

Malware in sbrugna...

EUVD-2010-0695

Malware in sbrugna...

EUVD-2001-0064

Malware in sbrugna...

EUVD-2021-26978

Malware in sbrugna...

EUVD-2021-26662

Malware in sbrugna...

EUVD-2016-3641

Malware in sbrugna...

EUVD-2024-46636

Malicious code in bioql PyPI...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...