
7 matches found

OSV
added 2026/01/08 9:22 p.m., 2 views

GHSA-RJF8-2WCW-F6MP Salvo is vulnerable to reflected XSS in the list_html function

Summary: The function list_html generates a file view of a folder which includes a render of the current path, which is inserted in the HTML without proper sanitization, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

CVSS 8.8 | AI score 5.6 | EPSS 0.0003
Exploits: 1 | References: 4
Github Security Blog
added 2026/01/08 9:22 p.m., 6 views

Salvo is vulnerable to reflected XSS in the list_html function

Summary: The function list_html generates a file view of a folder which includes a render of the current path, which is inserted in the HTML without proper sanitization, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

CVSS 8.8 | AI score 7.2 | EPSS 0.0003
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/01/08 6:21 p.m., 3 views

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder which includes a render of the current path, which is inserted in the HTML without proper sanitization. This leads to reflected XSS using the fact that request path is decoded...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits: 1 | References: 2
CNVD
added 2021/10/26 12:00 a.m., 11 views

FlashGet Buffer Overflow Vulnerability

FlashGet is a free download manager from the Chinese company FlashGet. Used to create interactive customized graphs, display trends, alerts and schedules. A buffer overflow vulnerability exists in FlashGet v1.9.6, which is caused by a buffer overflow in the software's "current path directory"...

CVSS 9 | AI score 8.8 | EPSS 0.00581
Exploits: 1 | References: 1
OSV
added 2021/10/22 8:15 p.m., 1 views

CVE-2020-28967

FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers...

CVSS 8.8 | AI score 6.1 | EPSS 0.00581
Exploits: 1 | References: 1
CNNVD
added 2021/10/22 12:00 a.m., 0 views

FlashGet Buffer Error Vulnerability

FlashGet is a free download manager from the Chinese company FlashGet. Used to create interactive customized graphs, display trends, alerts and schedules. A buffer overflow vulnerability exists in FlashGet v1.9.6, which is caused by a buffer overflow in the software's "current path directory"...

CVSS 9 | AI score 6 | EPSS 0.00581
Exploits: 1 | References: 2
PyPA
added 2018/07/13 10:29 p.m., 5 views

PYSEC-2018-43

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.1 | EPSS 0.00067
Exploits: 0 | References: 14 | Affected Software: 1