EUVD-2025-197927

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...

EUVD-2019-14032

Malware in sbrugna...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the fetch-links feature when user-supplied URLs are not validated. An attacker can access internal network resources and sensitive...

CVE-2025-49588 Linkwarden Local File Inclusion Vulnerability

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other...

CVE-2017-9673

In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account via the index.php/user/new URI or change its settings via the index.php/user/1 URI, including its password...

CVE-2010-0339

SQL injection vulnerability in the User Links vm19userlinks extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Sql injection

SQL injection vulnerability in the User Links vm19userlinks extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2010-0339

CVE-2010-0339 affects TYPO3’s User Links extension (vm19_userlinks) version 0.1.1 and earlier. The root cause is an SQL injection in the extension that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. This affects the component User Links (vm19_userlinks) within ...

XSS in user links

A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...

XSS in user links

A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...

XSS in user links

A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...