Lucene search
K

87 matches found

Cvelist
Cvelist
added 2026/02/19 8:27 a.m.29 views

CVE-2026-27094 WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through = 3.1.16...

6.5CVSS0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.2 views

CVE-2026-27094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through = 3.1.16...

5.5AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20771

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through = 3.1.16...

5.5AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin CoBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

6.5CVSS5.7AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.9 views

CVE-2023-4006

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

9.8CVSS6.7AI score0.00677EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.8 views

CVE-2023-4007

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

8.8CVSS5.9AI score0.00426EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/07 11:49 a.m.5 views

WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin CoBlocks versions = 3.1.16...

6.5CVSS5.4AI score0.0013EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/12/17 11:42 p.m.18 views

CSV Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to CSV Injection via the users data export feature. An attacker can execute arbitrary commands on the system by injecting malicious formulas into the profi...

8.8CVSS7.7AI score0.00442EPSS
Exploits1References2
OSV
OSV
added 2025/11/20 4:53 p.m.5 views

CVE-2025-62724 Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU)

Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" TOCTOU attack when downloading zip files to access files outside of the OODALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...

4.3CVSS6.8AI score0.00186EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2128

Malicious code in bioql PyPI...

8.8CVSS7AI score0.00426EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-49007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the...

8.7CVSS6.4AI score0.00483EPSS
Exploits0References3
OSV
OSV
added 2025/06/04 11:15 p.m.1 views

DEBIAN-CVE-2025-49007

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...

5.3CVSS5.4AI score0.00483EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/04 12:0 a.m.4 views

Rack 安全漏洞

Rack is a modular Ruby web server interface from the Rack open source. A security vulnerability exists in Rack versions prior to 3.1.16, which stems from a denial-of-service vulnerability in the Content-Disposition parsing component that could lead to a service interruption...

8.7CVSS6.3AI score0.00483EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.7 views

CVE-2024-55660

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection SSTI through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:53 a.m.5 views

CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

8.7CVSS5.8AI score0.0037EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/06 11:43 p.m.5 views

WordPress Nextend Social Login Pro plugin <= 3.1.16 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin Nextend Social Login Pro versions = 3.1.16...

9.8CVSS6.8AI score0.0064EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/13 7:36 p.m.18 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/12/19 3:49 a.m.3 views

SUSE CVE-2024-55657

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...

7.5CVSS6.9AI score0.00731EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/12/19 3:49 a.m.4 views

SUSE CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

5.4CVSS6.3AI score0.0037EPSS
Exploits0References3
NVD
NVD
added 2024/12/12 2:15 a.m.30 views

CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

8.7CVSS0.0037EPSS
Exploits0References2
Rows per page
Query Builder