2170 matches found
WordPress User Messages <= 1.2.4 - Reflected XSS
WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...
ChurchCRM - API Authentication Bypass via URL Injection
ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...
CVE-2026-15053
creationtimestamp| type| source ---|---|--- 2026-07-11 00:40:14+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdggv6z7c2c...
CVE-2026-49866
creationtimestamp| type| source ---|---|--- 2026-07-10 16:41:48+00:00| seen| https://gist.github.com/alon710/9eaabfe8d7f17c883b344ecc760d4947 2026-07-10 18:35:05+00:00| published-proof-of-concept| https://github.com/libp2p/js-libp2p/security/advisories/GHSA-cwc9-cp4j-mcvv...
Improper Input Validation
github.com/coder/coder is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of the scheme and host in external workspace application URLs before substituting the $SESSIONTOKEN placeholder, which allows an attacker controlling a malicious workspace templa...
EUVD-2026-34013
Tesla vulnerable to atom exhaustion via untrusted URL scheme...
CVE-2026-15131
creationtimestamp| type| source ---|---|--- 2026-07-09 01:12:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hcdrdsr2g 2026-07-09 04:46:03+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260709...
CVE-2026-51598
An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...
CVE-2026-48956
creationtimestamp| type| source ---|---|--- 2026-07-07 20:48:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3i3hz3pq27 2026-07-08 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq5claiknt2n...
CVE-2025-12799
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...
EUVD-2025-210439
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...
CVE-2021-20173
creationtimestamp| type| source ---|---|--- 2026-07-07 12:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq2kxfyzo62o...
PT-2026-56238
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...
GHSA-287W-MXQ6-X2CP
creationtimestamp| type| source ---|---|--- 2026-07-06 21:42:10+00:00| seen| https://gist.github.com/alon710/42394c2aa3975303824ce1e33bac787e...
CVE-2026-13698
creationtimestamp| type| source ---|---|--- 2026-07-06 16:15:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyifa6m562w 2026-07-09 16:02:50+00:00| seen| https://bsky.app/profile/bootintel.bsky.social/post/3mq7z2rkvbo2o...
nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...
PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2025-50493
creationtimestamp| type| source ---|---|--- 2026-07-06 06:10:18+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpxgkii2s32i...
CVE-2026-14641
creationtimestamp| type| source ---|---|--- 2026-07-05 00:36:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpudh4j6re2d...
GHSA-V8VC-CMF9-GG2C
creationtimestamp| type| source ---|---|--- 2026-07-04 12:51:30+00:00| seen| https://bsky.app/profile/selfhost.directory/post/3mpt3zzsn3f2w...