467 matches found
EUVD-2023-12923
Malicious code in bioql PyPI...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Ope...
DEBIAN-CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
CVE-2024-12595
The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-5713
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-6018
The Music Request Manager WordPress plugin through 1.3 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-10815
The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2190
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2187
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2009-2631
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
PT-2025-53579
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description The issue resides in insufficient protection of the web page structure within Moodle. Exploitation of this can allow a remote attacker to conduct a Cross-Site Scripting XSS attack. The flaw is...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
CVE-2025-43714
The CVE-2025-43714 entry concerns OpenAI’s ChatGPT system through 2025-03-30 where SVGs were inline-rendered instead of shown as code, enabling HTML injection in modern browsers. The root cause is the inline rendering of SVG documents (not text blocks). Reported impact is HTML injection; no expli...
Google Chromium Mojo Sandbox Escape Vulnerability
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...
SUSE CVE-2024-11692
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...
CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...