Lucene search
K

1179 matches found

OSV
OSV
added 2026/02/23 6:23 p.m.6 views

GO-2026-4524 Mattermost fails to sanitize sensitive data in WebSocket messages in github.com/mattermost/mattermost-server

Mattermost fails to sanitize sensitive data in WebSocket messages in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fro...

5.7CVSS5.5AI score0.00198EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/19 3:25 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods. An attacker can cause excessive memory allocation and application unavailability by supplying...

8.7CVSS5.6AI score0.00717EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/16 12:30 p.m.6 views

EUVD-2025-206981

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...

5.7CVSS5.5AI score0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.4 views

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

5.4CVSS6.6AI score0.00395EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.7 views

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and...

5.4CVSS5.8AI score0.00549EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.9 views

CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template...

9.8CVSS7AI score0.01675EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 3:15 p.m.6 views

UBUNTU-CVE-2026-22028

Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

9.2CVSS6.1AI score0.00227EPSS
Exploits1References3
OSV
OSV
added 2026/01/08 2:16 p.m.8 views

CVE-2026-22028 Preact has JSON VNode Injection issue

Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

9.2CVSS6.5AI score0.00227EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.11 views

PT-2025-52495

Name of the Vulnerable Software and Affected Versions Orejime versions prior to 2.3.2 Description Orejime, a consent manager focusing on accessibility, had a flaw where malicious code could be executed on HTML elements it handled. This occurred because the software, prior to version 2.3.2, would...

6.3CVSS7.1AI score0.00183EPSS
Exploits0References9
OSV
OSV
added 2025/12/17 9:30 p.m.3 views

GHSA-G6QX-WQ5W-WR8V Mattermost Desktop App exposes sensitive information in its application logs

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs. A fix is available for...

3.3CVSS6.8AI score0.001EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.7 views

PT-2025-47299

Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...

5.1CVSS5.9AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.6 views

PT-2025-44778

Name of the Vulnerable Software and Affected Versions Car-Booking-System-PHP version 1.0 Description Car-Booking-System-PHP version 1.0 is susceptible to SQL Injection in the /carlux/sign-in.php file. The vulnerability exists due to insufficient input validation when processing user-supplied data...

9.8CVSS7.6AI score0.00483EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2025/10/25 12:0 a.m.10 views

SecureLearn - an Attack-Agnostic Defense for Multiclass Machine Learning against Data Poisoning Attacks

Data poisoning attacks are a potential threat to machine learning ML models, aiming to manipulate training datasets to disrupt their performance. Existing defenses are mostly designed to mitigate specific poisoning attacks or are aligned with particular ML algorithms. Furthermore, most defenses a...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-25854

Malware in sbrugna...

9.8CVSS9.4AI score0.02358EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0900

Malware in sbrugna...

4.4CVSS5AI score0.00394EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11883

Malware in sbrugna...

5.4CVSS5.4AI score0.00591EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-28695

Malware in sbrugna...

5.4CVSS5.5AI score0.00835EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-11978

Malware in sbrugna...

4.8CVSS4.9AI score0.00552EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-10339

Malware in sbrugna...

9.8CVSS9.4AI score0.04185EPSS
Exploits5References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-27946

Malware in sbrugna...

8.8CVSS9AI score0.01493EPSS
Exploits0References6
Rows per page
Query Builder