Lucene search
K

650 matches found

Snyk
Snyk
added 2026/03/05 9:13 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

8.7CVSS5.8AI score0.00306EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/05 9:13 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

8.7CVSS5.8AI score0.00306EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.10 views

SUSE CVE-2026-25935

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

8.6CVSS5.8AI score0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/02 1:50 a.m.7 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/01 12:30 a.m.6 views

EUVD-2026-9110

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/02/28 10:16 p.m.2 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/02/28 10:16 p.m.17 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/28 9:47 p.m.23 views

CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS0.00227EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/28 9:47 p.m.5 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00227EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/28 9:47 p.m.4 views

CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2026/02/28 9:47 p.m.21 views

CVE-2026-28561

CVE-2026-28561 affects wpForo Forum 2.4.14 and is a stored cross-site scripting vulnerability. The issue arises from forum description fields being echoed without output escaping across multiple theme template files, allowing an attacker with-admin access or in multisite contexts to set a descrip...

5.5CVSS5.8AI score0.00227EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.5 views

Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers

Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures CVE. However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21916

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer...

7.1CVSS6AI score0.00164EPSS
Exploits1References9
CVE
CVE
added 2026/02/21 6:54 a.m.17 views

CVE-2026-27458

LinkAce versions 2.4.2 and earlier are affected by a Stored XSS in the Atom feed at /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description, escaping the CDATA and injecting an SVG element into the Atom XML, which the browser parses and executes as JavaScrip...

8.7CVSS6AI score0.00218EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 1:10 a.m.2 views

CVE-2026-24764 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...

3.7CVSS5.5AI score0.002EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/19 1:10 a.m.26 views

CVE-2026-24764 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...

3.7CVSS0.002EPSS
Exploits1References3
OSV
OSV
added 2026/02/19 1:10 a.m.6 views

CVE-2026-24764 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...

3.7CVSS5.5AI score0.002EPSS
Exploits1References5
CVE
CVE
added 2026/02/19 1:10 a.m.32 views

CVE-2026-24764

OpenClaw (formerly Clawdbot) is affected by a prompt-injection vulnerability (CVE-2026-24764) when Slack integration is enabled. In versions 2026.2.2 and earlier, Slack channel metadata (topic/description) could be incorporated into the model’s system prompt, increasing the surface for injection....

3.7CVSS5.4AI score0.002EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/18 11:20 a.m.6 views

CVE-2026-2570

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.5AI score
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Vulnerabilities existed in Jenkins versions 2.483 to 2.550, as well as in LTS versions 2.492.1 to...

8CVSS7.3AI score0.00505EPSS
Exploits0References2
Rows per page
Query Builder