
CNNVD
added 2026/05/11 12:0 a.m. · 5 views

WWBN AVideo Code Issue Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the use of isSSRFSafeURL, which only verified the initial URL. This could allow attackers to bypass SSRF...

CVSS 7.7 · AI score 5.9 · EPSS 0.00011
Exploits 0 · References 1
Snyk
added 2026/05/06 8:10 p.m. · 3 views

Improper Encoding or Escaping of Output

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Utils::parseUrl function during comment rendering. An attacker can execute arbitrary JavaScript in the...

CVSS 8.3 · AI score 6.1 · EPSS 0.00012
Exploits 0 · References 3
Vulnrichment
added 2026/04/17 8:51 p.m. · 1 views

CVE-2026-40301 rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows <style> elements in SVG content but never inspects their text content. CSS url() references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

CVSS 4.7 · AI score 5.7 · EPSS 0.00034
Exploits 0 · References 3
CVE
added 2026/03/20 11:30 p.m. · 10 views

CVE-2026-33237

CVE-2026-33237 affects WWBN AVideo. The Scheduler plugin’s run() path in plugin/Scheduler/Scheduler.php uses callbackURL with isValidURL() (URL format check) but omits isSSRFSafeURL(), allowing SSRF to RFC-1918/private and cloud metadata endpoints. Concrete details show the vulnerable code at Sch...

CVSS 5.5 · AI score 5.8 · EPSS 0.00021
Exploits 1 · References 3 · Affected Software 1
RedhatCVE
added 2026/01/07 9:54 a.m. · 3 views

CVE-2025-1211

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by the built-in URI module and hackney. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1, which is correct, and hackney...

CVSS 6.5 · AI score 6.5 · EPSS 0.00031
Exploits 0 · References 1
Hacker One
added 2025/11/27 8:51 p.m. · 8 views

Nextcloud: Roundcube Webmail Style Sanitizer can be bypassed using CSS Character Escapes

A vulnerability was discovered in the style sanitizer of Roundcube Webmail that allowed bypassing the sanitizer using CSS character escapes. This enabled the use of arbitrary inline CSS, such as the url function, which could be used to retrieve the IP address and user agent of the person reading...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/05/22 10:1 a.m. · 4 views

CVE-2019-8153

A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the escapeURL function and execute a malicious XSS payload...

CVSS 6.1 · AI score 5.3 · EPSS 0.00047
Exploits 0 · References 1
Positive Technologies
added 2025/05/17 12:0 a.m. · 1 views

PT-2025-21783 · Totolink · Totolink A702R +1

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R and A3002RU version 3.0.0-B20230809.1615. Description: A critical issue affects the submit-url function of the file /boafrm/formReflashClientTbl in the HTTP POST Request Handler component, leading to a buffer overflow...

CVSS 9 · AI score 8.7 · EPSS 0.00982
Exploits 0 · References 13
Positive Technologies
added 2023/10/24 12:0 a.m. · 2 views

PT-2023-29572 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzzCMS version 2.1.9. Description: The issue allows a remote attacker to execute arbitrary code via a crafted file passed to the down url function in the zzz.php file. This enables the attacker to potentially gain control over the system...

CVSS 7.8 · AI score 7.8 · EPSS 0.01105
Exploits 1 · References 3
Positive Technologies
added 2023/09/11 12:0 a.m. · 2 views

PT-2023-27996 · Couchcms · Couchcms

Name of the Vulnerable Software and Affected Versions: CouchCMS version 2.3. Description: An open redirect issue exists in the sanitize url parameter, allowing attackers to redirect users to arbitrary websites via crafted URLs. Recommendations: For CouchCMS version 2.3, consider disabling the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00069
Exploits 1 · References 6
Positive Technologies
added 2023/04/29 12:0 a.m. · 3 views

PT-2023-19474 · Mlecms · Mlecms

Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0. Description: A critical issue affects the get url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to SQL injection. The...

CVSS 9.8 · AI score 7.5 · EPSS 0.00291
Exploits 1 · References 5
wpexploit
added 2022/06/02 12:0 a.m. · 565 views

WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

The plugin does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high-privilege users such as admin to perform Blind SSRF attacks. Put an internal/LAN URL such as the one below in the file upload by URL function: https://127.0.0.1:8080...

CVSS 7.2 · AI score 1.3 · EPSS 0.00723
Exploits 2
OSV
added 2022/02/10 11:45 p.m. · 0 views

GHSA-3HQ6-RMV7-39VH Injection in op-browser

op-browser through 1.0.9 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

CVSS 9.8 · AI score 6.2 · EPSS 0.01227
Exploits 1 · References 5
Github Security Blog
added 2022/02/10 11:45 p.m. · 41 views

Injection in op-browser

op-browser through 1.0.9 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

CVSS 9.8 · AI score 9.3 · EPSS 0.01227
Exploits 1 · References 6 · Affected Software 1
OSV
added 2021/10/15 3:15 p.m. · 0 views

CVE-2021-40728

Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution...

CVSS 7.8 · AI score 7.6
Exploits 0 · References 1
RedHat Linux
added 2021/08/10 4:37 p.m. · 0 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

CVSS 5.3 · AI score 7.3 · EPSS 0.00554
Exploits 1 · References 4
CNVD
added 2021/07/07 12:0 a.m. · 5 views

Unspecified Vulnerability in Flask-User

Flask-User is a software application providing customizable user authentication and user management (register, confirm, login, change username, change password, forgot password, etc.). A security vulnerability exists in Flask-User which can be exploited to bypass URL authentication and redirect a user to an...

CVSS 6.1 · AI score 7.1 · EPSS 0.00265
Exploits 1 · References 1
CNNVD
added 2021/04/01 12:0 a.m. · 1 views

sunkaifei FlyCM Code Issue Vulnerability

sunkaifei FlyCms is an open source application by sunkaifei: a Zhihu-like Q&A social network building program developed in Java and fully open source. sunkaifei FlyCM has a security vulnerability that stems from the saveUrlAs function in ImagesService.java having a...

CVSS 7.5 · AI score 7.3 · EPSS 0.0029
Exploits 1 · References 2
Positive Technologies
added 2021/03/23 12:0 a.m. · 5 views

PT-2021-5825 · Unknown +8 · Hosted-Git-Info +8

Name of the Vulnerable Software and Affected Versions: hosted-git-info versions prior to 3.0.8. Description: The issue is related to a Regular Expression Denial of Service (ReDoS) in the fromUrl function in index.js. This occurs due to the shortcutMatch regular expression, which exhibits polynomial...

CVSS 9.8 · AI score 6.5 · EPSS 0.09859
Exploits 8 · References 130
Veracode
added 2020/08/11 4:49 a.m. · 48 views

Cross-Site Scripting (XSS)

prismJS is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the url function of the Previewers plugin...

CVSS 7.5 · AI score 4.7 · EPSS 0.00859
Exploits 0 · References 5 · Affected Software 1