61 matches found
EUVD-2017-9152
Malware in sbrugna...
EUVD-2022-1616
Malicious code in bioql PyPI...
EUVD-2023-28809
Malicious code in bioql PyPI...
EUVD-2023-29638
Malicious code in bioql PyPI...
EUVD-2025-4034
Malicious code in bioql PyPI...
EUVD-2022-0153
Malicious code in bioql PyPI...
EUVD-2023-0141
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-32683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist...
CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...
CVE-2025-25104
Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...
CVE-2025-25104
Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...
CVE-2025-25104 WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...
CVE-2025-25104 WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mraliende URL-Preview-Box good-url-preview-box allows Cross Site Request Forgery.This issue affects URL-Preview-Box: from n/a through = 1.20...
CVE-2025-25104
CVE-2025-25104 affects the WordPress URL-Preview-Box plugin (versions <= 1.20). The vulnerability is a Cross-Site Request Forgery (CSRF) that leads to a Stored Cross-Site Scripting (XSS) condition. According to the provided metrics, the CVSS v3.1 base score is 7.1 (HIGH), with network attack v...
WordPress plugin URL-Preview-Box 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin URL-Preview-Box versions = 1.20...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...
GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...