Lucene search
+L

20 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.13 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS5.4AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.15 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 7:55 p.m.41 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 7:55 p.m.4 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS6AI score0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 7:55 p.m.21 views

CVE-2026-42887

CVE-2026-42887 affects Audiobookshelf before version 2.33.0. The issue is a stored cross-site scripting (XSS) in the Login Page caused by improper sanitization of the authLoginCustomMessage field in the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary H...

4.5CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 6:31 a.m.7 views

EUVD-2026-23760

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00152EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 4:16 a.m.11 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS0.00152EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 2:45 a.m.32 views

CVE-2026-6598

CVE-2026-6598 affects langflow-ai langflow up to 1.8.3. The vulnerability lies in the function create_project/encrypt_auth_settings (src/backend/base/Langflow/api/v1/projects.py), where manipulation of the auth_settings argument can cause cleartext storage on disk. The issue can be triggered remo...

5.3CVSS5.3AI score0.00152EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 2:45 a.m.12 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00152EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.17 views

PT-2026-33704

Name of the Vulnerable Software and Affected Versions langflow-ai langflow versions prior to 1.8.4 Description An issue exists in the Project Creation Endpoint where manipulation of the auth settings argument in the encrypt auth settings function within the...

5.3CVSS6AI score0.00152EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.7 views

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

5.4CVSS5.1AI score0.02594EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-2987

Malware in sbrugna...

4.3CVSS6.4AI score0.02499EPSS
Exploits0References5
OSV
OSV
added 2022/09/15 8:15 p.m.9 views

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

5.4CVSS5.9AI score0.02594EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/09/15 8:15 p.m.2 views

CVE-2022-38814

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

5.4CVSS5.9AI score0.02594EPSS
Exploits1References2
Prion
Prion
added 2022/09/15 8:15 p.m.22 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the authsettings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfgloid text field...

4.9CVSS5.2AI score0.02594EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.6 views

PT-2022-24581 · Fiberhome · Fiberhome An5506-02-B

Name of the Vulnerable Software and Affected Versions: FiberHome AN5506-02-B version vRP2521 Description: A stored cross-site scripting XSS issue in the auth settings component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg loid text field...

5.4CVSS5.5AI score0.02594EPSS
Exploits1References4
Prion
Prion
added 2018/11/26 11:29 p.m.18 views

Command injection

System Command Injection in network.setauthsettings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...

6.5CVSS7.4AI score0.02776EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2014/07/03 2:55 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter...

4.3CVSS6.1AI score0.02499EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/07/03 2:0 p.m.45 views

CVE-2014-2965

CVE-2014-2965 is a reflected XSS in SpamTitan’s management interface, affecting auth-settings-x.php prior to version 6.04. The vulnerability allows an attacker to inject arbitrary script via the sortdir parameter, executing in a user’s browser context. SpamTitan addressed this with a 6.04 patch; ...

4.3CVSS5.9AI score0.02499EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2012/08/31 9:55 p.m.6 views

CVE-2011-5149

Multiple cross-site scripting XSS vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 testaddr or 2 testpass parameter to auth-settings.php; 3 hostname, 4 domainname, or 5 mailserver parameter to setup-relay.php; or 6 subnetmask or...

4.3CVSS5.4AI score0.0208EPSS
Exploits1References8
Rows per page
Query Builder