Lucene search
K

1062 matches found

RedHat Linux
RedHat Linux
added 2026/02/26 2:36 p.m.6 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS5.7AI score0.00795EPSS
Exploits0References8
CVE
CVE
added 2026/02/26 8:33 a.m.25 views

CVE-2026-28132

The CVE-2026-28132 issue affects the WordPress WooCommerce Photo Reviews plugin by Villatheme, specifically versions up to and including 1.4.4. The vulnerability is described as Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) that enables Code Injection. The availabl...

5.3CVSS5.4AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 8:33 a.m.3 views

CVE-2026-28132 WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

5.3CVSS5.4AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 8:33 a.m.25 views

CVE-2026-28132 WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

5.3CVSS0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.4 views

CVE-2026-2731

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...

10CVSS5.7AI score0.00535EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2026-2731

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...

10CVSS0.00535EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 6:46 a.m.27 views

CVE-2026-2731

The CVE describes an unauthenticated remote code execution vulnerability in Dynamicweb 8 and 9 due to path traversal and content injection in JobRunnerBackground.aspx. Affected versions are Dynamicweb 8 (all) and Dynamicweb 9 before 9.19.7 and before 9.20.3. The issue enables unauthenticated atta...

10CVSS5.7AI score0.00535EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 6:46 a.m.2 views

CVE-2026-2731 Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...

10CVSS5.7AI score0.00535EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.14 views

PT-2026-20649

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...

10CVSS5.7AI score0.00535EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

DynamicWeb 安全漏洞

DynamicWeb is a full-stack digital experience platform developed by the American company DynamicWeb. Versions of DynamicWeb prior to 9.9.19.7 and 9.20.3 contained security vulnerabilities. These vulnerabilities were caused by path traversal and content injection in the JobRunnerBackground.aspx...

10CVSS6AI score0.00535EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-14560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...

7.3CVSS5.9AI score0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/02/11 12:16 p.m.8 views

CVE-2025-14560

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

7.3CVSS0.00217EPSS
Exploits0References3
NCSC
NCSC
added 2026/02/11 11:45 a.m.21 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...

9.1CVSS5.6AI score0.004EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.6 views

CVE-2025-14560

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

7.3CVSS6AI score0.00217EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/05 7:26 a.m.7 views

CVE-2025-29867

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...

8.5CVSS5.3AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 5:16 a.m.7 views

CVE-2025-29867

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...

8.5CVSS0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/04 4:46 a.m.27 views

CVE-2025-29867

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...

8.5CVSS0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/04 4:46 a.m.4 views

CVE-2025-29867

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...

8.5CVSS5.3AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 4:46 a.m.6 views

EUVD-2025-206779

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...

8.5CVSS5.3AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 2026/02/04 4:46 a.m.43 views

CVE-2025-29867

CVE-2025-29867 describes a type confusion vulnerability in Hancom Office products (Office 2018, 2020, 2022, 2024) that permits file content injection. Affected versions are: Office 2018 before 10.0.0.12681; Office 2020 before 11.0.0.8916; Office 2022 before 12.0.0.4426; Office 2024 before 13.0.0....

8.5CVSS5.3AI score0.00242EPSS
Exploits0References2
Rows per page
Query Builder