Lucene search
K

14 matches found

OSV
OSV
added 2026/04/22 8:9 p.m.7 views

GHSA-4948-F92Q-F432 @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading

Summary The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...

7.5CVSS5.9AI score0.01875EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/10/16 4:56 p.m.15 views

CVE-2025-62380

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...

6.3CVSS7.5AI score0.00409EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 4:52 p.m.11 views

CVE-2025-62380

Mailgen (Node.js) versions up to 2.0.31 expose an HTML injection/XSS risk in plaintext output generated by generatePlaintext. The plaintext cleaning code strips HTML tags with a regex, decodes HTML entities, and then replaces decoded content; however, HTML tags containing certain Unicode line sep...

6.3CVSS7AI score0.00409EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/14 6:31 a.m.5 views

EUVD-2025-34141

The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

6.1CVSS5.5AI score0.00177EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2025/10/03 3:8 p.m.7 views

CVE-2025-8836 affecting package jasper for versions less than 2.0.32-5

CVE-2025-8836 affecting package jasper for versions less than 2.0.32-5. A patched version of the package is available...

4.8CVSS4.5AI score0.00184EPSS
Exploits1
OSV
OSV
added 2025/08/11 8:15 a.m.6 views

AZL-66198 CVE-2025-8837 affecting package jasper for versions less than 2.0.32-5

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpcdecdump of the file src/libjasper/jpc/jpcdec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...

7.8CVSS4.8AI score0.00204EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/09 7:38 a.m.4 views

WordPress Extensions for Elementor plugin <= 2.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via EE Events and EE Flipbox Widget vulnerability discovered by stealthcopter in WordPress Plugin Extensions for Elementor versions = 2.0.32...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.13 views

RHCOS 4 : OpenShift Container Platform 4.13.25 (RHSA-2023:7606)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7606 advisory. - haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 Note that Nessus has not tested for this issue but has instea...

7.2CVSS7.1AI score0.01815EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/17 12:0 a.m.17 views

Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...

7.2CVSS7.1AI score0.01815EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2022/04/09 6:51 a.m.21 views

CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2

CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.4AI score0.0109EPSS
Exploits1
CBLMariner
CBLMariner
added 2022/04/09 6:51 a.m.23 views

CVE-2021-3467 affecting package jasper for versions less than 2.0.32-2

CVE-2021-3467 affecting package jasper for versions less than 2.0.32-2. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.7AI score0.00629EPSS
Exploits0
Packet Storm
Packet Storm
added 2021/06/30 12:0 a.m.167 views

Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation

Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30 Metadata =================================================== Release Date: 29-Jun-2021 Author: Florian Bogner @ https://bee-itsecurity.at Affected product: Securepoint SSL VPN Client Fixed in: version 2.0.32 Tested on: Windows 10 x64...

0.6AI score0.00707EPSS
Exploits3
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.20 views

WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability

Cross-Frame Scripting XFS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...

2AI score
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.24 views

Gentoo Security Advisory GLSA 200411-08 (GD)

The remote host is missing updates announced in advisory GLSA 200411-08. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.5AI score0.28255EPSS
Exploits0References4
Rows per page
Query Builder