Lucene search
K

126 matches found

Vulnrichment
Vulnrichment
added 2026/03/17 12:2 p.m.6 views

CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

4.7CVSS5.8AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 12:2 p.m.24 views

CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

4.7CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 12:2 p.m.8 views

CVE-2025-62320

CVE-2025-62320 describes an HTML Injection vulnerability affecting the HCL Unica Platform. The issue arises when a web application does not properly validate or sanitize user input before rendering it on pages, enabling an attacker to inject HTML. When a browser loads the affected page, it may au...

6.1CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software9
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.12 views

vito 安全漏洞

VitoDeploy is an open-source web application for server management and PHP application deployment. Versions of Vito before 3.20.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks during the workflow site creation process. This could allow a...

9.9CVSS5.8AI score0.00367EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/03 2:26 a.m.32 views

CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-21361

Malware in sbrugna...

5.3CVSS5.3AI score0.15254EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-1343

Malware in sbrugna...

4.3CVSS5.2AI score0.01031EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5496

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.02848EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27249

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00431EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23407

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00338EPSS
Exploits0References1
NVD
NVD
added 2025/10/03 7:15 a.m.6 views

CVE-2025-61589

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...

5.9CVSS0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/03 6:48 a.m.6 views

CVE-2025-61589 Cursor: Potential Information Leakage via Mermaid Diagram

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid a to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server throug...

5.9CVSS0.00274EPSS
Exploits0References2
CVE
CVE
added 2025/10/03 6:48 a.m.20 views

CVE-2025-61589

CVE-2025-61589 affects Cursor: in versions 1.6 and earlier, Mermaid diagram rendering can embed images that are rendered in the chat box, enabling an attacker to exfiltrate sensitive information to a third‑party server via an image fetch after a prompt injection. The issue requires malicious inpu...

5.9CVSS6.7AI score0.00274EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36729

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager® affected versions not specified Description: A server-side request forgery issue exists in Rockwell Automation ThinManager® software due to insufficient input sanitization. Authenticated attackers can exploit...

8.6CVSS6.1AI score0.00431EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.4 views

CVE-2025-54132

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

7.5CVSS7.3AI score0.00338EPSS
Exploits0References1
NVD
NVD
added 2025/08/01 11:15 p.m.10 views

CVE-2025-54132

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

7.5CVSS0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/01 11:5 p.m.2 views

CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

4.4CVSS6.5AI score0.00338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/07/28 6:16 p.m.7 views

CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7CVSS5.7AI score0.0029EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.5 views

Red Hat Enterprise Linux 安全漏洞

Red Hat Enterprise Linux is a Linux operating system for business users from the American company Red Hat. A security vulnerability exists in Red Hat Enterprise Linux that stems from a DNS search domain removal that could cause connections to be forwarded to an unexpected external server...

3.7CVSS6.3AI score0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/31 3:8 p.m.10 views

CVE-2025-27095 JumpServer has a Kubernetes Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...

4.3CVSS4.5AI score0.00307EPSS
Exploits1References1
Rows per page
Query Builder