Lucene search

18 matches found

NVD
added 2026/06/06 4:17 a.m. | 16 views

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1 CVSS | 0.00225 EPSS
Exploits 0 | References 8
Positive Technologies
added 2026/05/29 12:0 a.m. | 8 views

PT-2026-44840

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field...

3.8 CVSS | 6 AI score | 0.00216 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/05/15 7:46 a.m. | 5 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3 CVSS | 5.7 AI score | 0.00135 EPSS
Exploits 0 | References 9
OSV
added 2026/04/29 3:30 p.m. | 6 views

GHSA-F8H4-46XV-H7JJ Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file

Jenkins HTML Publisher Plugin versions 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...

8 CVSS | 5.9 AI score | 0.00281 EPSS
Exploits 0 | References 3
GitHub Security Blog
added 2026/04/03 3:33 a.m. | 3 views

Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

Summary: The GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network...

7.2 CVSS | 6 AI score | 0.00289 EPSS
Exploits 2 | References 3 | Affected Software 1
OSV
added 2026/03/22 3:49 p.m. | 5 views

MAL-2026-2026 Malicious code in pipinpeace-env (PyPI)

Source: kam193 (b76166abb6c7173f1cc74e41509f4ded1be2de5cea682016e00001e4e23b75a9). Package is designed to exfiltrate env variables during installation. However, it requires providing a URL as an installation parameter, which suggests it's mor...

6 AI score
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-16758

Malware in sbrugna...

7.5 CVSS | 8.4 AI score | 0.13697 EPSS
Exploits 5 | References 10
CNNVD
added 2025/03/09 12:0 a.m. | 3 views

XunRuiCMS Code Injection Vulnerability

XunRuiCMS XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code injection vulnerability exists in XunRuiCMS 4.6.3 and earlier versions, which stems from the incorrect operation of the parameter Website Address that can lead to cross-site scripting...

4.8 CVSS | 4.3 AI score | 0.00281 EPSS
Exploits 1 | References 6
Positive Technologies
added 2025/02/01 12:0 a.m. | 3 views

PT-2025-4114 · Unknown · Code-Projects Job Recruitment

Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problematic issue has been found in the file / parse/load job-details.php, where the manipulation of the business stream name and company website url arguments leads to cross site...

5.4 CVSS | 4.1 AI score | 0.00376 EPSS
Exploits 1 | References 10
Mozilla
added 2025/01/10 12:0 a.m. | 16 views

Security Vulnerabilities fixed in Firefox for iOS 134 — Mozilla

Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address...

6.5 CVSS | 6.2 AI score | 0.00232 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2024/06/13 8:1 p.m. | 38 views

CVE-2024-38313

In certain scenarios, a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS 127...

0.00244 EPSS
Exploits 0 | References 2
RedHat Linux
added 2024/02/26 2:21 a.m. | 3 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

6.5 CVSS | 7.3 AI score | 0.00673 EPSS
Exploits 0 | References 6
ATTACKERKB
added 2022/05/25 1:15 a.m. | 1 views

CVE-2022-29349

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java...

6.1 CVSS | 6.3 AI score | 0.01681 EPSS
Exploits 1 | References 3
BDU FSTEC
added 2016/09/07 12:0 a.m. | 2 views

A vulnerability in the Google Chrome browser allows an attacker to replace the URL.

The ios/web/webstate/ui/crwwebcontroller.mm component in the Google Chrome browser does not guarantee that an invalid URL will be replaced with an about:blank page. Exploiting this vulnerability could allow a malicious actor to substitute a URL with a specially crafted website...

4.3 CVSS | 7.1 AI score | 0.01162 EPSS
Exploits 1 | References 4 | Affected Software 1
0day.today
added 2011/08/03 12:0 a.m. | 18 views

cPanel 11.x (Fantastico) Local File Include / SM-b0x

Exploit for php platform in category web applications. cPanel 11.x Fantastico Local File Include / SM-b0x...

7.1 AI score
Exploits 0
0day.today
added 2011/07/12 12:0 a.m. | 34 views

cPanel 11.x Privilege Escalation Exploit

Exploit for php platform in category web applications. Privilege Escalation Exploit By TurkisH-RuleZ...

7.1 AI score
Exploits 0
Exploit DB
added 2007/05/23 12:0 a.m. | 35 views

NavBoard 2.6.0 - Remote Code Execution

"; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input ty...

7 AI score
Exploits 0
Prion
added 2006/04/18 10:2 a.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profil...

1.9 CVSS | 6.1 AI score | 0.00433 EPSS
Exploits 0 | References 2 | Affected Software 1