Lucene search
K

1931 matches found

RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.13 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:42 p.m.11 views

EUVD-2026-32534

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:37 p.m.40 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS0.00303EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:37 p.m.8 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 2:23 p.m.15 views

EUVD-2026-32523

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:23 p.m.11 views

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:23 p.m.28 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

GuardDog 安全漏洞

GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 1.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed...

8CVSS6AI score0.00296EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44032

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions prior to 1.1.6 Description Insufficient sanitization of filenames received from federated peers when constructing export destination paths allows a remote administrator of a federated server to perform a path...

8CVSS6AI score0.00296EPSS
Exploits0References4
NVD
NVD
added 2026/05/26 6:16 p.m.16 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 6:16 p.m.11 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:43 p.m.10 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/26 5:43 p.m.25 views

CVE-2026-44669

CVE-2026-44669 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Before version 1.8.3, it is vulnerable to stored XSS in attachment filenames used in the assessment file preview flow. User-supplied filename values are persisted server-side and later rendered into HTML/a...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 5:43 p.m.30 views

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:43 p.m.18 views

EUVD-2026-31943

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 5:42 p.m.39 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 5:42 p.m.10 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:42 p.m.9 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/26 5:42 p.m.17 views

EUVD-2026-31942

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Rows per page
Query Builder