12 matches found
CVE-2026-48598
creationtimestamp | type | source
---|---|---
2026-06-02 20:53:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mndhzwkych27
2026-06-09 15:00:06+00:00 | published-proof-of-concept | Telegram/zS0m-Smw9tMC2xQZhVRiFtrXmVStzlksgIyfU5bMHDdEXnY...
CVE-2026-48598
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_for_disposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...
CVE-2025-48598
In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-48598
Malicious code in bella-lupis98-sukiwir npm...
EUVD-2023-48598
Malicious code in bioql PyPI...
CVE-2023-48598
creationtimestamp | type | source
---|---|---
2024-01-06 15:26:47+00:00 | seen | https://t.me/ctinow/163951...
CVE-2023-48598
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-48598
Adobe Experience Manager (AEM) versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The root cause is a stored XSS condition that could allow a low-privileged attacker to inject malicious scripts, with JavaScript potentially exec...
CVE-2022-48598
creationtimestamp | type | source
---|---|---
2023-08-09 22:15:24+00:00 | seen | https://t.me/cibsecurity/68122...
CVE-2022-48598
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
CVE-2022-48598
ScienceLogic SL1 is affected by a SQL injection in the reporter events type date feature, caused by unsanitized user input passed directly to SQL queries. Root cause: lack of input validation/escaping. Impact: high on confidentiality, integrity, and availability per CVSS 3.1. A fix/affected versi...
McAfee Data Loss Prevention ePO extension cross-site scripting vulnerability (CNVD-2020-48598)
McAfee Data Loss Prevention Endpoint (DLPe) is an integrated endpoint data protection solution from McAfee, Inc. that prevents theft and accidental disclosure of confidential data and provides security policies for file processing and transmission, shared data flow control and data encryption. The...