39 matches found

Github Security Blog
added 2026/05/13 1:35 a.m. | 12 views

Mapfish Print: Remote Code Injection (RCE) in Dynamic table

Impact: The attacker can execute arbitrary code without being authenticated. Mitigation: Upgrade to a patched version; please check the affected/patched version matrix. Credits: Bug Bounty of Canton du Jura...

9.3 CVSS | 6.2 AI score | 0.00325 EPSS
Exploits 0 | References 3 | Affected Software 2
Vulnrichment
added 2026/04/07 7:47 p.m. | 2 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3 CVSS | 5.9 AI score | 0.00189 EPSS
Exploits 1 | References 2
Cvelist
added 2026/04/07 7:47 p.m. | 15 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3 CVSS | 0.00189 EPSS
Exploits 1 | References 2
CVE
added 2026/04/07 7:47 p.m. | 12 views

CVE-2026-39837

CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...

6.3 CVSS | 5.9 AI score | 0.00189 EPSS
Exploits 1 | References 2 | Affected Software 1
Github Security Blog
added 2026/03/04 8:16 p.m. | 7 views

neqo-qpack has integer overflow in qpack dynamic table indexing

Summary: An unsanitized qpack index can lead to an integer overflow, panicking in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...

6 AI score
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/03/04 8:16 p.m. | 2 views

GHSA-6W86-WGWQ-RGQ8 neqo-qpack has integer overflow in qpack dynamic table indexing

Summary: An unsanitized qpack index can lead to an integer overflow, panicking in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...

5.1 CVSS | 6 AI score
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-27091

Malicious code in bioql PyPI...

6.1 CVSS | 4.9 AI score | 0.00364 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/09/09 1:30 a.m. | 6 views

CVE-2025-10066

A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The...

6.1 CVSS | 3.8 AI score | 0.00364 EPSS
Exploits 1 | References 1
CNVD
added 2025/09/09 12:0 a.m. | 3 views

POS Point of Sale System /dymanic_table.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a POS point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

6.1 CVSS | 6.1 AI score | 0.00364 EPSS
Exploits 1 | References 1
CVE
added 2025/09/07 1:2 a.m. | 21 views

CVE-2025-10066

CVE-2025-10066 affects itsourcecode POS Point of Sale System 1.0. The vulnerability is an XSS in an unknown function within /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php caused by improper handling of the scripts argument. This could allow remote attackers to execute...

6.1 CVSS | 3.9 AI score | 0.00364 EPSS
Exploits 1 | References 5 | Affected Software 1
CNVD
added 2024/11/07 12:0 a.m. | 2 views

Online Shopping Portal dymanic_table.php File Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...

6.1 CVSS | 6.3 AI score | 0.00393 EPSS
Exploits 1 | References 1
Vulnrichment
added 2024/11/04 2:31 a.m. | 15 views

CVE-2024-10754 PHPGurukul Online Shopping Portal dymanic_table.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site...

5.3 CVSS | 6.4 AI score | 0.00393 EPSS
Exploits 1 | References 5
CNNVD
added 2024/11/04 12:0 a.m. | 5 views

PHPGurukul Online Shopping Portal Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...

6.1 CVSS | 4.6 AI score | 0.00393 EPSS
Exploits 1 | References 5
OSV
added 2019/07/05 9:11 p.m. | 24 views

GHSA-FFQ8-576R-V26G HPACK Denial of Service vulnerability (HPACK Bomb)

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

8.7 CVSS | 7.3 AI score | 0.01757 EPSS
Exploits 0 | References 7
BDU FSTEC
added 2018/02/02 12:0 a.m. | 10 views

The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server web server arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failur...

9.8 CVSS | 6.2 AI score | 0.05438 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2017/10/30 2:29 p.m. | 3 views

UBUNTU-CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function...

9.8 CVSS | 7.6 AI score | 0.05438 EPSS
Exploits 0 | References 4
OSV
added 2017/10/30 2:29 p.m. | 4 views

DEBIAN-CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function...

9.8 CVSS | 9.2 AI score | 0.05438 EPSS
Exploits 0 | References 1
Cvelist
added 2017/10/30 2:0 p.m. | 23 views

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function...

9.8 AI score | 0.05438 EPSS
Exploits 0 | References 3
Cvelist
added 2017/01/10 3:0 p.m. | 30 views

CVE-2016-6581

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

7.4 AI score | 0.01757 EPSS
Exploits 0 | References 2