257 matches found

EUVD · added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-30448

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.5 · EPSS 0.00463
Exploits 0 · References 4

EUVD · added 2025/10/03 8:7 p.m. · 7 views

EUVD-2021-30208

Malicious code in bioql PyPI...

CVSS 3.3 · AI score 4.4 · EPSS 0.00542
Exploits 1 · References 2

EUVD · added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-38416

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.6 · EPSS 0.00421
Exploits 0 · References 3

OSV · added 2025/09/09 8:54 p.m. · 1 view

GHSA-JQFW-VQ24-V9C3 Vite's `server.fs` settings were not applied to HTML files

Summary: Any HTML files on the machine were served regardless of the server.fs settings.
Impact: Only apps that match the following conditions are affected:
- explicitly exposes the Vite dev server to the network using --host or server.host config option
- appType: 'spa' default or appType: 'mpa' i...

CVSS 2.3 · AI score 6.4 · EPSS 0.00586
Exploits 1 · References 8

Positive Technologies · added 2025/09/09 12:0 a.m. · 5 views

PT-2025-36945

Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.13
Description: Halo versions prior to 2.20.13 allow bypassing file type detection, enabling the upload of malicious files, including .exe and .html files. Uploading .html files can trigger stored cross-site...

CVSS 6.1 · AI score 5.8 · EPSS 0.0024
Exploits 0 · References 4

Vulnrichment · added 2025/09/08 10:56 p.m. · 1 view

CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

CVSS 2.3 · AI score 6.3 · EPSS 0.00586
Exploits 1 · References 5

Cvelist · added 2025/09/08 10:56 p.m. · 12 views

CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

CVSS 2.3 · EPSS 0.00586
Exploits 1 · References 5

CVE · added 2025/09/08 10:56 p.m. · 43 views

CVE-2025-58752

Vite CVE-2025-58752 affects the dev and preview servers when exposed on the network: HTML files on the local machine could be served despite server.fs settings, depending on app exposure and appType configuration. Affected versions are <7.1.5, <7.0.7, <6.3.6, and

CVSS 5.3 · AI score 6.3 · EPSS 0.00586
Exploits 1 · References 5 · Affected Software 1

Positive Technologies · added 2025/08/28 12:0 a.m. · 4 views

PT-2025-35097

Name of the Vulnerable Software and Affected Versions: FormCms version 0.5.5
Description: FormCms version 0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible v...

CVSS 6.9 · AI score 5.2 · EPSS 0.00198
Exploits 1 · References 7

Positive Technologies · added 2025/07/31 12:0 a.m. · 5 views

PT-2025-31558 · Cs Cart · Cs-Cart

Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3
Description: A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This...

CVSS 6.1 · AI score 6 · EPSS 0.00225
Exploits 0 · References 8

RedhatCVE · added 2025/05/23 8:38 a.m. · 6 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 5.4 · AI score 7.2 · EPSS 0.00463
Exploits 0 · References 1

RedhatCVE · added 2025/05/23 8:20 a.m. · 4 views

CVE-2024-10101

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

CVSS 5.4 · AI score 5.1 · EPSS 0.00323
Exploits 1 · References 1

RedhatCVE · added 2025/05/23 4:7 a.m. · 12 views

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

CVSS 5.4 · AI score 5.8 · EPSS 0.00414
Exploits 1

RedhatCVE · added 2025/05/22 4:36 p.m. · 7 views

CVE-2020-29071

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving...

CVSS 9 · AI score 6 · EPSS 0.01639
Exploits 1

RedhatCVE · added 2025/05/22 3:18 p.m. · 6 views

CVE-2020-20670

An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVSS 8.8 · AI score 7.6 · EPSS 0.01692
Exploits 1

RedhatCVE · added 2025/05/22 8:34 a.m. · 9 views

CVE-2019-15614

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

CVSS 5.4 · AI score 5.6 · EPSS 0.00783
Exploits 0 · References 1

RedhatCVE · added 2025/05/21 8:49 p.m. · 9 views

CVE-2005-2055

RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers"...

CVSS 5 · AI score 7 · EPSS 0.00905
Exploits 0 · References 1

Cvelist · added 2025/05/05 6:45 p.m. · 15 views

CVE-2025-46571 Open WebUI vulnerable to limited stored XSS via uploaded html file

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

CVSS 6.3 · EPSS 0.00288
Exploits 1 · References 3

OSV · added 2025/04/03 2:4 p.m. · 5 views

BIT-DOLIBARR-2020-13239

The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...

CVSS 5.4 · AI score 5.7 · EPSS 0.00698
Exploits 1 · References 2

RedhatCVE · added 2025/02/05 2:20 a.m. · 6 views

CVE-2024-24570

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 · AI score 6.4 · EPSS 0.00734
Exploits 1 · References 1