search
2024-04-28

Arbitrary File Write in Resume-Matcher

/ arbitrary file write /

/ CVE-2024-33906 /
2024-01-31

Authenticated Arbitrary File Read in Mealie

/ arbitrary file read /

/ CVE-2024-24493 /
2023-12-20

SSRF in Gradio

/ ssrf / dos /

/ CVE-2023-51449 / GHSA-6qm2-wpxq-7qh2 /
2023-11-28

PHP HTML parser differential due to libxml2 lack of HTML5 support

/ xss / mxss / bypass / parser differential /

2023-11-13

Typo3 HTML Sanitizer By-passing via the processing instructions

/ xss / bypass /

/ CVE-2023-47125 / GHSA-mm79-jhqm-9j54 /
2023-11-13

Masterminds/html5-php parser differential

/ xss / mxss / bypass / parser differential /

2023-10-03

HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content

/ xss / mxss / bypass /

/ CVE-2023-44390 / GHSA-43cp-6p3q-2pc4 /
2023-07-25

Typo3 HTML Sanitizer By-passing via the noscript tag

/ xss / mxss / bypass /

/ CVE-2023-38500 / GHSA-59jf-3q9v-rh6g /
2023-07-11

Vendure Cross Site Request Forgery vulnerability impacting all API requests

/ csrf / npm /

/ GHSA-h9wq-xcqx-mqxm /
2023-07-03

@vendure/admin-ui-plugin authenticated XSS

/ xss / npm /

/ GHSA-9f66-54xg-pc2c /
2021-12-29

Deserialization attack via JDBC Appender in log4j

/ deserialization / java / log4j / log4j2 /

/ CVE-2021-44832 /
2021-06-27

Prototype pollution in extend2

/ npm / prototype-pollution /

2021-06-27

Prototype pollution in cloneextend

/ npm / prototype-pollution /

2021-06-16

Unintended function invocation in Spring Cloud Function

/ java / function /

2021-06-16

DoS in Spring Cloud Function

/ java / dos / denial of service /

/ CVE-2022-22979 /
2021-05-16

Deserialization RCE attack in replicator

/ deserialization / rce / npm /

/ CVE-2021-33420 /
2021-04-25

Remote code execution vulnerability in reqwest

/ rce / node / nodejs / javascript / npm /

2021-04-25

Command injection vulnerability in curl-ganteng

/ rce / node / nodejs / javascript / npm /

/ CVE-2021-31896 /
2021-02-17

Hostname spoofing in url-parse

/ javascript / npm / improper validation / spoofing /

/ CVE-2021-27515 /
2021-02-12

Hostname spoofing in urijs

/ javascript / npm / improper validation / spoofing /

/ CVE-2021-27516 / GHSA-p6j9-7xhc-rhwp /
2021-02-09

Denial of Service in get-ip-range package

/ javascript / dos / denial of service /

/ CVE-2021-27191 /
2021-01-31

Mutation XSS in Mozilla-bleach using comments

/ xss / mxss / bypass / python / mozilla /

/ CVE-2021-23980 /
2021-01-13

CSRF in Elementor-Contact-Form-DB wordpress plugin

/ csrf / wordpress /

/ CVE-2021-3133 /
2020-12-22

RCE via site-offline wordpress plugin

/ rce / xss / csrf / wordpress / webshell /

/ CVE-2020-35773 /
2020-12-16

Open redirect in Jupyter server

/ python / open redirect /

/ CVE-2020-26275 / GHSA-9f66-54xg-pc2c /
2020-12-07

CSRF in ultimate-category-excluder wordpress plugin

/ csrf / wordpress /

/ CVE-2020-35135 /
2020-11-26

Mutation Cross-Site Scripting in lxml

/ xss / mxss / bypass / python /

/ CVE-2020-27783 /
2020-11-17

Reintroduced ReDoS in debug

/ javascript / npm / redos /

2020-08-19

Stored XSS via folder name in Codiad

/ rce / xss / php / webshell /

/ CVE-2020-14042 /
2020-08-19

Codiad SSRF when installing a plugin

/ rce / php / webshell / ssrf /

/ CVE-2020-14044 /
2020-08-19

Codiad CSRF in the plugin request

/ rce / csrf / php / webshell /

/ CVE-2020-14043 /
2020-03-16

Mutation XSS in Mozilla-bleach via svg or math

/ xss / mxss / bypass / python / mozilla /

/ CVE-2020-6816 /
2020-02-24

Mutation XSS in Mozilla-bleach via noscript

/ xss / mxss / bypass / python / mozilla /

/ CVE-2020-6802 /