132 matches found

GithubExploit
added 2025/11/22 6:4 p.m. | 146 views

ruby-web-vulnerability-tester

ruby-web-vulnerability-tester 🔎 Ruby Web Application Vulnera...

7.8 AI score
Exploits 0
OSV
added 2025/10/30 10:15 p.m. | 4 views

CVE-2021-47699

Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page's Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4 CVSS | 5.9 AI score | 0.00383 EPSS
Exploits 0 | References 2
CNNVD
added 2025/10/14 12:0 a.m. | 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

5.4 CVSS | 5.7 AI score | 0.00217 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-4269

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.01334 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2012-0708

Malware in sbrugna...

5 CVSS | 6.1 AI score | 0.02084 EPSS
Exploits 0 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-25047

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00605 EPSS
Exploits 0 | References 3
RedhatCVE
added 2025/10/07 12:3 a.m. | 18 views

CVE-2025-29192

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

8.2 CVSS | 6.1 AI score | 0.00382 EPSS
Exploits 1 | References 1
OSV
added 2025/10/06 3:31 a.m. | 5 views

GHSA-WQ95-WR7M-26H4 Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

8.2 CVSS | 6.2 AI score | 0.00382 EPSS
Exploits 1 | References 4
NVD
added 2025/10/06 2:15 a.m. | 4 views

CVE-2025-29192

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

8.2 CVSS | 0.00382 EPSS
Exploits 1 | References 3
OSV
added 2025/10/06 2:15 a.m. | 5 views

CVE-2025-29192

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

6.1 CVSS | 6.2 AI score
Exploits 0 | References 3
Vulnrichment
added 2025/10/06 12:0 a.m. | 3 views

CVE-2025-29192

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

8.2 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits 1 | References 3
Cvelist
added 2025/10/06 12:0 a.m. | 9 views

CVE-2025-29192

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

8.2 CVSS | 0.00382 EPSS
Exploits 1 | References 3
CVE
added 2025/10/06 12:0 a.m. | 14 views

CVE-2025-29192

FlowiseAI Flowise prior to 3.0.5 is vulnerable to Cross-Site Scripting (XSS) via FORM and INPUT elements in the chat log when viewed by an admin. The issue is consistently described across sources as a stored XSS variant introduced by insufficient sanitization of chat-log form fields. Affected so...

8.2 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-29844

Malicious code in bioql PyPI...

9.8 CVSS | 6.4 AI score | 0.00505 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-19715

Malicious code in bioql PyPI...

5.5 CVSS | 5.4 AI score | 0.00659 EPSS
Exploits 1 | References 2
Vulnrichment
added 2025/09/18 6:0 a.m. | 5 views

CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via a form field, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

6.3 AI score | 0.00505 EPSS
Exploits 1 | References 1
Cvelist
added 2025/09/18 6:0 a.m. | 12 views

CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via a form field, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

0.00505 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 8:10 p.m. | 10 views

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

5.4 CVSS | 5.8 AI score | 0.00605 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 1:1 p.m. | 8 views

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The...

9.8 CVSS | 6.8 AI score | 0.02103 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 2:49 a.m. | 7 views

CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...

7.2 CVSS | 7.9 AI score | 0.01356 EPSS
Exploits 0 | References 1