Lucene search
+L

563 matches found

cve
cve
added 2026/07/01 3:53 p.m.12 views

CVE-2026-34096

Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/07/01 3:53 p.m.7 views

CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/01 3:53 p.m.36 views

CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.8 views

PT-2026-54736

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
thn
thn
added 2026/06/26 11:30 a.m.16 views

Guardian Agents: The Next Layer of Identity Governance

AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...

6.2AI score
Exploits0
attackerkb
attackerkb
added 2026/06/18 9:8 p.m.8 views

CVE-2026-22674

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS6AI score0.00177EPSS
Exploits0References4
cve
cve
added 2026/06/18 9:8 p.m.26 views

CVE-2026-22674

Hashgraph Guardian prior to 3.5.0 is affected by a stored XSS vulnerability in the branding configuration API endpoint. The issue arises from unsanitized innerHTML in the branding service, allowing an authenticated user with the STANDARD_REGISTRY role to inject malicious scripts by submitting a c...

4.8CVSS6AI score0.00177EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/18 9:8 p.m.5 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS6.2AI score0.00177EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/18 9:8 p.m.32 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS0.00177EPSS
Exploits0References3
osv
osv
added 2026/06/18 9:8 p.m.2 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS6AI score0.00177EPSS
Exploits0References6
packetstormnews
packetstormnews
added 2026/05/31 12:0 a.m.23 views

Defenses and Enablers for Skill Injection Attacks on Terminal Based Agents

Large language model LLM agents increasingly rely on reusable skills i.e. documents describing task-specific procedures. However, this introduces a new attack surface for agents to manage. We study two complementary directions for this threat. First, we evaluate guardian-based defenses: an...

5.7AI score
Exploits0
ossf
ossf
added 2026/05/24 6:38 p.m.15 views

Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8AI score
Exploits0References4
osv
osv
added 2026/05/24 6:38 p.m.10 views

MAL-2026-4290 Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8AI score
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/19 1:23 p.m.10 views

CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/19 1:23 p.m.42 views

CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5CVSS0.00186EPSS
Exploits0References1
cve
cve
added 2026/05/19 1:23 p.m.27 views

CVE-2025-40904

The CVE-2025-40904 issue is a Stored HTML Injection in the Smart Polling feature. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags via sync; when a victim opens the affected remote strategy, injected HTML can render in their browser and enabl...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software2
vulnrichment
vulnrichment
added 2026/05/19 1:22 p.m.14 views

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/19 1:21 p.m.13 views

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/19 1:21 p.m.39 views

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

5.9CVSS0.00194EPSS
Exploits0References1
cve
cve
added 2026/05/19 1:21 p.m.28 views

CVE-2025-40902

CVE-2025-40902 describes a Stored HTML Injection in the Guardian/CMC Users feature prior to 26.1.0. An authenticated admin can create a user whose username contains HTML tags; when a victim deletes a group containing that user, the injected HTML may render in the browser, enabling phishing and po...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder