30 matches found

NVD
added 2026/06/10 10:17 p.m., 10 views

CVE-2026-53736

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

CVSS 5.1, EPSS 0.00104
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2006-0404

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.01537
Exploits 0, References 8
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-14638

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.0604
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-12611

Malware in sbrugna...

CVSS 7.1, AI score 5.6, EPSS 0.00478
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2006-1736

Malware in sbrugna...

CVSS 2.6, AI score 6, EPSS 0.02438
Exploits 0, References 38
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-14841

Malware in sbrugna...

CVSS 6.8, AI score 6.5, EPSS 0.00585
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-43252

Malicious code in bioql PyPI...

CVSS 8.8, AI score 7.7, EPSS 0.03346
Exploits 1, References 1
RedhatCVE
added 2025/05/23 2:2 a.m., 16 views

CVE-2023-33876

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. ...

CVSS 8.8, AI score 7.5, EPSS 0.00931
Exploits 1, References 1
RedhatCVE
added 2025/05/22 4:53 p.m., 5 views

CVE-2020-9259

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and...

CVSS 6.5, AI score 6.8, EPSS 0.00794
Exploits 0, References 1
NVD
added 2024/10/04 5:15 a.m., 33 views

CVE-2024-9375

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, EPSS 0.00291
Exploits 0, References 2
CVE
added 2024/04/30 2:38 p.m., 70 views

CVE-2024-25648

Foxit Reader 2024.1.0.23997 is affected by a use-after-free in the ComboBox handling that can be triggered when processing JavaScript in a malicious PDF or when visiting a crafted site with the browser plugin enabled. Talos provides concrete details on the vulnerable path: a ComboBox object is fr...

CVSS 8.8, AI score 7.1, EPSS 0.15639
Exploits 1, References 2, Affected Software 2
Prion
added 2023/11/27 4:15 p.m., 29 views

Design/Logic Flaw

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...

CVSS 6.8, AI score 7.4, EPSS 0.02001
Exploits 1, References 1, Affected Software 1
Cvelist
added 2023/11/27 3:25 p.m., 34 views

CVE-2023-38573

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

CVSS 8.8, AI score 9.2, EPSS 0.01907
Exploits 1, References 1
RedhatCVE
added 2023/10/09 6:54 p.m., 45 views

CVE-2023-5441

A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash. Mitigation: Do not run untrusted vim scripts as it's not recommended...

CVSS 5.5, AI score 6, EPSS 0.00431
Exploits 1, References 3
NVD
added 2023/04/17 10:15 p.m., 15 views

CVE-2023-29213

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of org.xwiki.platform:xwiki-platform-logging-ui it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image wi...

CVSS 9, AI score 9.1, EPSS 0.00439
Exploits 1, References 3
Vulnrichment
added 2022/12/22 12:0 a.m., 3 views

CVE-2022-22762

Under certain circumstances, a JavaScript alert or prompt could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox ...

AI score 4, EPSS 0.0037
Exploits 0, References 2
Prion
added 2022/11/21 4:15 p.m., 19 views

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker...

CVSS 4.4, AI score 7.8, EPSS 0.0098
Exploits 1, References 1, Affected Software 1
ATTACKERKB
added 2022/08/25 11:15 p.m., 3 views

CVE-2022-37317

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 6.10.0.4 and 6.11 P2 HF4...

CVSS 7.6, AI score 6.3, EPSS 0.00562
Exploits 0, References 3
Github Security Blog
added 2022/08/25 12:0 a.m., 27 views

Kirby CMS 2.5.12 Cross-site Scripting

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...

CVSS 5.4, AI score 0.4, EPSS 0.0054
Exploits 1, References 4, Affected Software 1
Huntr
added 2021/10/16 4:57 a.m., 9 views

Cross-Site Request Forgery (CSRF) in pkp/pkp-lib

Description: No CSRF in upload profile too: /index.php/e/$$$call$$$/tab/user/profile-tab/upload-profile-image. More endpoints: Reordering data: /index.php/e/$$$call$$$/grid/settings/submission-checklist/submission-checklist-grid/save-sequence...

AI score 2.3
Exploits 0