121 matches found
EUVD-2022-53141
Malicious code in bioql PyPI...
command-injection-payload-list
It is an offensive tool for web application security. The primary CVE ID is not explicitly mentioned, but the description pertains to OS command injection vulnerabilities. The target product/service is web applications, and the vulnerability class/vector is OS command injection. Notable...
📄 ABB Cylon Aspect 3.08.03 Java/PHP Log Forging
Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $SERVER'REQUESTURI' and raw POST bodies into log messages without filtering, enabling...
CVE-2022-31743
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...
CVE-2019-8135
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution...
CVE-2025-30223 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting XSS vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that...
GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...
CVE-2025-27108
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...
CVE-2025-27108
CVE-2025-27108 affects dom-expressions. The vulnerability arises from using JavaScript String.replace with special replacement patterns (notably $' and $�60) when injecting assets into HTML headers via solid-meta, where user-controlled attributes (Meta tags) can be manipulated to achieve XSS. Thi...
CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...
CVE-2022-39298
MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, and ultimately leads to the execution of...
CVE-2024-8475
Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5...
CVE-2024-42361 GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/monitorId/metric/metricFull endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection...
Remote Code Execution (RCE)
torrentpier/torrentpier is vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe handling of user-controlled data specifically cookies within the gettracks function in torrentpier/library/includes/functions.php, where unsafe usage of PHP's native serialization format...
golang: html/template: errors returned from MarshalJSON methods may break template escaping
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...
CVE-2024-35231
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profilerruns was not constrained to any limitation. This would lead to...
CVE-2024-35231 rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profilerruns was not constrained to any limitation. This would lead to...
PT-2024-40457 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.29 Description: The issue concerns mass assignment vulnerabilities in Laravel when not using the fillable property on models or when using guarded and passing user-controlled arrays into update or save functions...
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into templates...