Lucene search
K

28 matches found

Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-57244 Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS
Exploits0References1
CVE
CVE
added 11 hours ago9 views

CVE-2026-57244

CVE-2026-57244 affects Foxit PDF Editor/Reader Form Control. The root cause is a missing re-entry protection and object lifecycle verification during form synchronization after JavaScript resets, causing a control pointer dereference after a failure and resulting in a crash. The CVSSv3.1 vector i...

7.8CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.35 views

CVE-2022-50686 Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...

7.5CVSS0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.3 views

CVE-2022-50686 Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References2
CVE
CVE
added 2025/12/18 7:53 p.m.12 views

CVE-2022-50686

CVE-2022-50686 affects Kentico Xperience (

7.5CVSS5.8AI score0.00259EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

Kentico Xperience 安全漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52308

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description An information disclosure issue exists in Kentico Xperience. Attackers can view sensitive stack trace details through Portal Engine form control error messages. This disclosure of...

7.5CVSS6AI score0.00259EPSS
Exploits0References4
Prion
Prion
added 2022/06/24 3:15 p.m.16 views

Design/Logic Flaw

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

4.3CVSS6AI score0.00847EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/24 3:0 p.m.6 views

CVE-2022-30118

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

6.1CVSS6.2AI score0.00847EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 1:4 a.m.36 views

Improper Input Validation in Jenkins

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

2.2CVSS0.1AI score0.00391EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2020/12/05 6:3 a.m.25 views

Stored Cross Site Scripting

Jenkins is vulnerable to stored cross site scripting. An attacker is able to exploit a stored Cross Site Scripting as the f:expandable TextBox form control interprets its content as HTML when expanded...

5.4CVSS0.5AI score0.01033EPSS
Exploits0References5Affected Software69
RedhatCVE
RedhatCVE
added 2019/10/22 9:21 p.m.23 views

CVE-2019-10401

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...

5.4CVSS1.6AI score0.01033EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/26 12:0 a.m.38 views

FreeBSD : jenkins -- multiple vulnerabilities (9720bb39-f82a-402f-9fe4-e2c875bdda83)

Jenkins Security Advisory : DescriptionMedium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...

5.4CVSS5.2AI score0.65753EPSS
Exploits0References8
NVD
NVD
added 2019/09/25 4:15 p.m.22 views

CVE-2019-10402

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

5.4CVSS5.1AI score0.01033EPSS
Exploits0References2
CVE
CVE
added 2019/09/25 3:5 p.m.135 views

CVE-2019-10401

CVE-2019-10401 corresponds to a stored XSS in Jenkins up to 2.196 and LTS 2.176.3 due to the f:expandableTextBox form control interpreting content as HTML, allowing exploitation by users who can define its contents (e.g., Job/Configure). Connected sources confirm the exact vulnerable component an...

5.4CVSS4.9AI score0.01033EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/04/10 8:12 p.m.146 views

CVE-2019-1003050

CVE-2019-1003050 affects Jenkins core UI: the f:validateButton form control did not properly escape job URLs, enabling a cross-site scripting (XSS) vulnerability. Vulnerable in Jenkins versions 2.171 and earlier and Jenkins LTS 2.164.1 and earlier; exploit requires a user with the ability to cont...

5.4CVSS5.2AI score0.01346EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/01/26 2:29 a.m.19 views

CVE-2017-1000401

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

2.2CVSS4.2AI score
Exploits0References1
Prion
Prion
added 2018/01/26 2:29 a.m.23 views

Default credentials

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

1.2CVSS3.8AI score0.00391EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/01/26 2:0 a.m.101 views

CVE-2017-1000401

CVE-2017-1000401 affects Jenkins versions 2.73.1 and earlier, and 2.83 and earlier, where the default form control used GET for validation requests. This could cause secrets (e.g., API keys) to be logged in HTTP access logs in non-default configurations. The issue has been mitigated by changing ...

2.2CVSS4AI score0.00391EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2017/11/21 11:22 a.m.22 views

CVE-2017-1000401

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

2.2CVSS0.8AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder