CVE-2026-1439 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2025-54589
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a...
CVE-2022-36318
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...
The application allows an excessively large number of characters to be entered in the "Add new table" input field on the create field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in
Proof of Concept: Go to http://localhost:8080/dashboard//projects. Select any created project and go to the project section. Click on the "ADD/IMPORT" section and click on "add new table". Create. Fill the "table name" field with huge characters, more than 1 lakh. Copy the below payload and put it in...
CVE-2006-4067
The CVE-2006-4067 issue affects CakePHP, specifically the cake/libs/error.php component, where an XSS vulnerability allows an attacker to inject arbitrary script/HTML via the URL. The problem is reflected in a 404 page and arises in CakePHP before version 1.1.7.3363. Connected advisories corrobor...