Local Deep Research 代码问题漏洞

Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...

CVE-2024-26148

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

PT-2023-30340 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to properly check a redirect URL parameter, allowing for an open redirect. This occurs when a user clicks "Back to Mattermost" after providing ...

Remote code execution

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...

Plone Cross-site Scripting Vulnerability

Plone's URL checking infrastructure includes a method for checking if URLs valid and located in the Plone site. By passing HTML into a specially crafted url containing script, %3Cscript, javascript:, or javascript%3A, Cross-site Scripting can be achieved...

CVE-2020-15258

In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The...

openSUSE Security Update : ceph (openSUSE-2020-187)

This update for ceph fixes the following issues : - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage bsc1161312. - CVE-2020-1699: Fixed a information disclosure by improper URL checking bsc1161074. This update was imported from the SUSE:SLE-15-SP1:Update upda...

Security update for ceph (moderate)

openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:0187-1 Rating: moderate References: 1161074 1161312 Cross-References: CVE-2020-1699 CVE-2020-1700 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...

CVE-2016-7138

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-7138

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

Cross site scripting

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

PYSEC-2017-61

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

PYSEC-2017-61

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-7138

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-7138

CVE-2016-7138 is a cross-site scripting (XSS) vulnerability in Plone CMS’s URL checking infrastructure. Affects Plone 5.x up to 5.0.6, 4.x up to 4.3.11, and 3.3.x up to 3.3.6. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. The Connected documents confi...

CVE-2016-7138

Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

plone -- multiple vulnerabilities

Plone.org reports: Versions Affected: All current Plone versions. Versions Not Affected: None. Nature of vulnerability: Allows creation of members by anonymous users on sites that have self-registration enabled, allowing bypass of CAPTCHA and similar protections against scripted attacks. The patc...

Hacking a Facebook Account using Facebook

Hacking a Facebook Account using Facebook Many of us know that phishing is also a trick to hack a facebook and session hijicking but hacker can do both at a same time. This vulnerability was happened on Facebook static FBML .Example here . Here you can get that Facebook FBML script : What user wi...

Microsoft ASP.NET Application Folder Information Disclosure (MS06-033; CVE-2006-1300)

ASP.NET is a technology that provides a programming model and infrastructure for creating dynamic web applications. ASP.NET is part of the Microsoft .NET Framework. ASP.NET is deployed on the Microsoft Internet Information Server, which treats files with the .aspx extension as ASP.NET files and...