1039 matches found
DEBIAN-CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
Obfuscating Code Vulnerabilities against Static Analysis in JavaScript Code
Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate JavaScript code. In a software supply chain where a single...
CVE-2026-3962 Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting
A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...
PT-2026-24891
A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...
Machine-Learning-Web-Apps 代码注入漏洞
Machine-Learning-Web-Apps is a machine learning web application development framework developed by JCharis Jesse. There is a code injection vulnerability in Machine-Learning-Web-Apps, which stems from an incorrect operation on the rendertemplate function in the Jinja2 Template Handler component o...
Oracle Application Testing Suite (January 2026 CPU)
The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache...
galaxy (>=25.0.1 <=25.0.4) potentially affected by unknown CVE via galaxy-web-apps (>=25.0.1 <=25.0.4)
galaxy-web-apps PYPI version =25.0.1, =25.0.1, =25.0.4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-GALAXYWEBAPPS-14859127...
hacker-man
Hacker Man - Vulnerable Web Applications Lab A collection of...
Description of the security update for Microsoft Exchange Server 2019 CU15: December 9, 2025 (KB5071875)
None None...
Oracle Application Testing Suite (October 2025 CPU)
The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache...
EUVD-2020-12317
Malware in sbrugna...
EUVD-2018-19913
Malware in sbrugna...
EUVD-2024-37162
Malicious code in bioql PyPI...
PT-2025-39388
⚠️ Critical Alert – CVE-2025-78901 • Zero-day in Telerik UI library actively exploited 🚨 • Affects thousands of .NET web apps 2025.3.1 • Mass scanning and ransomware attempts underway • Action: Patch immediately! CyberSecurity ZeroDay Telerik PatchNow NewTalics...
sinatra
This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...
The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
MAL-2025-5066 Malicious code in vscode-azurestaticwebapps (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6d86e1274287895eb9b8f392467eb59e1636c384bc7d0b77c9a1da853b02963 Any computer that has this package installed or running should be considered...
CVE-2024-32986
PWAsForFirefox is a tool to install, manage and use Progressive Web Apps PWAs in Mozilla Firefox. Due to improper sanitization of web app properties such as name, description, shortcuts, web apps were able to inject additional lines into XDG Desktop Entries on Linux and AppInfo.ini on...