9 matches found
SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)
SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183). SanitizeSVG blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml. Both render SVG with onload JavaScript execution confirmed in Chromium 136, other...
CVE-2019-25251
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25251
CVE-2019-25251 affects Teradek VidiU Pro 3.0.3. The vulnerability is a server-side request forgery in the management interface that allows manipulation of the GET parameters url and xml_url, enabling attackers to bypass firewalls, perform network enumeration, and potentially trigger external HTTP...
dotti.co.nz Cross Site Scripting vulnerability OBB-1245439
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
besured.nl Cross Site Scripting vulnerability OBB-1217184
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
proidee.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1166321. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
stone.focus.tv Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1031849. Security Researcher devl00p (helped patch 2974 vulnerabilities; received 10 Coordinated Disclosure badges; received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting stone.focus.tv website a...