Lucene search
+L

2410 matches found

nuclei
nuclei
added 6 hours ago34 views

Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting

A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request Forgery CSRF. id: CVE-2025-47204 info: name: Bootstr...

6.1CVSS6.2AI score0.00424EPSS
Exploits0References1
cgr
cgr
added yesterday8 views

CVE-2026-45491 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.2CVSS6.7AI score0.00388EPSS
Exploits0
cgr
cgr
added yesterday6 views

GHSA-7Q4V-2MR6-5GPX vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.1AI score
Exploits0
cgr
cgr
added yesterday6 views

CVE-2026-45591 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

7.5CVSS7AI score0.0243EPSS
Exploits0
cgr
cgr
added yesterday9 views

GHSA-F8H2-VMM9-QHJ6 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.1AI score
Exploits0
wolfi
wolfi
added yesterday8 views

GHSA-F8H2-VMM9-QHJ6 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.1AI score
Exploits0
wolfi
wolfi
added yesterday7 views

GHSA-7Q4V-2MR6-5GPX vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.1AI score
Exploits0
wolfi
wolfi
added yesterday8 views

CVE-2026-45491 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.2CVSS6.7AI score0.00388EPSS
Exploits0
wolfi
wolfi
added yesterday7 views

CVE-2026-45591 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

7.5CVSS7AI score0.0243EPSS
Exploits0
cvelist
cvelist
added 2 days ago26 views

CVE-2026-36214

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...

0.00392EPSS
Exploits2References6
cve
cve
added 2 days ago5 views

CVE-2026-36214

CVE-2026-36214 — osTicket Stored XSS affects osTicket versions 1.10–1.17.7 and 1.18.0–1.18.3 due to a vulnerable Bootstrap Tooltip (3.3.4) and insufficient HTML sanitization. The attack stores a malicious JS payload in a ticket attachment and executes it when an Agent/Admin views the ticket, enab...

5.4CVSS6.3AI score0.00392EPSS
Exploits2References6
osv
osv
added 5 days ago3 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References4
metasploit
metasploit
added 6 days ago16 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 64-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
osv
osv
added 6 days ago3 views

MAL-2026-10133 Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
euvd
euvd
added 2026/07/09 6:7 a.m.7 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 3:19 a.m.33 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
cve
cve
added 2026/07/07 3:19 a.m.19 views

CVE-2026-34048

CVE-2026-34048 concerns Coolify prior to 4.0.0-beta.471, where terminal websocket bootstrap routes failed to enforce terminal authorization, only checking authentication. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers. The issue is fix...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
osv
osv
added 2026/07/07 3:19 a.m.4 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References5
ossf
ossf
added 2026/07/06 6:52 p.m.8 views

Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6AI score
Exploits0References2
osv
osv
added 2026/07/06 6:52 p.m.8 views

MAL-2026-6807 Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6.1AI score
Exploits0References2
Rows per page
Query Builder