Lucene search
K

14 matches found

OSV
OSV
added 2026/06/12 7:6 p.m.11 views

GHSA-JVF5-RXVV-3MCG TYPO3 HTML Sanitizer allows Cross-site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5AI score0.00282EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/04 6:0 a.m.4 views

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

3.7CVSS5.8AI score0.00162EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mutt before 2.3.2 has a showsigsummary NULL pointer dereference. CVE-2026-43864 Note that Nessus relies on the presence of the package as reported by the vendor...

2.5CVSS5.4AI score0.00096EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.4 views

Orejime 跨站脚本漏洞

Orejime is an open source user consent management tool from Boscop. A cross-site scripting vulnerability exists in Orejime versions prior to 2.3.2, which stems from embedded javascript code in the data attribute and could lead to the execution of malicious code...

6.1CVSS6.1AI score0.00183EPSS
Exploits0References4
OSV
OSV
added 2025/08/11 5:59 p.m.5 views

GO-2025-3857 OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao

OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

7.2CVSS7AI score0.00487EPSS
Exploits0References7
PyPA
PyPA
added 2023/04/07 3:15 p.m.8 views

PYSEC-2023-3

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...

7.5CVSS7AI score0.02062EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.7 views

PT-2023-7467

Name of the Vulnerable Software and Affected Versions Apache Airflow Drill Provider versions prior to 2.3.2 Description The issue is related to improper input validation in the Apache Airflow Drill Provider. This can allow a remote attacker to impact the confidentiality of protected information...

8.7CVSS7.1AI score0.02062EPSS
Exploits0References20
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.6 views

joplin 跨站请求伪造漏洞

Joplin is an open source notes and to-do list application. A security vulnerability exists in versions of joplin prior to 2.3.2 that stems from the application's lack of various forms of CSRF checking, leaving it vulnerable to cross-site request forgery attacks...

8.8CVSS7.6AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/05 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Elementor Addons-PowerPack Addons for Elementor plugin versions prior to 2.3.2. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

5.4CVSS5.3AI score0.00663EPSS
Exploits1References3
CNVD
CNVD
added 2019/08/05 12:0 a.m.3 views

Magento cross-site scripting vulnerability (CNVD-2019-26246)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions. A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, 2.2.9 before version 2.2...

4.8CVSS6.4AI score0.00557EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/05 12:0 a.m.3 views

Magento Information Disclosure Vulnerability (CNVD-2019-26228)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . An information disclosure vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, a...

6.5CVSS6.2AI score0.0095EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/03 12:0 a.m.3 views

Magento Input Validation Error Vulnerability (CNVD-2019-39390)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...

7.5CVSS7AI score0.02044EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/03 12:0 a.m.4 views

Magento Input Validation Error Vulnerability (CNVD-2019-39385)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...

7.2CVSS7.4AI score0.01921EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/28 12:0 a.m.4 views

Magento Code Execution Vulnerability (CNVD-2019-39396)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...

7.2CVSS7.4AI score0.02137EPSS
Exploits0References1
Rows per page
Query Builder