Lucene search
K

9 matches found

CVE
CVE
added 2026/05/22 1:26 p.m.23 views

CVE-2026-8997

CVE-2026-8997 : vifm is vulnerable to a heap buffer overflow during the history merge when saving the state file (vifminfo.json). The flaw arises from a missing runtime length check on history entries in release builds, allowing a crafted long path or command in history to cause memory corruption...

4.8CVSS6AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 7:15 p.m.7 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS6.1AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/23 7:15 p.m.25 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-4438

Malware in sbrugna...

5CVSS6.2AI score0.01775EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.28 views

XSS vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.6AI score0.00432EPSS
Exploits0References4Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2012/03/26 12:0 a.m.496 views

History.state can leak the state data from cross domain pages

When a site uses history.pushState and history.replaceState to add or replace history entries, it can also provide optional data, which may typically be used to restore the given state when the user navigates through their browser history. When pages with cross-domain frames use this functionalit...

0.7AI score
Exploits0Affected Software1
NVD
NVD
added 2012/03/08 10:55 p.m.25 views

CVE-2012-0585

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the 1 pushState or 2 replaceState method...

5CVSS6.1AI score0.02469EPSS
Exploits0References7
Prion
Prion
added 2012/03/08 10:55 p.m.19 views

Design/Logic Flaw

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the 1 pushState or 2 replaceState method...

5CVSS6.5AI score0.02469EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2007/08/22 1:17 a.m.4 views

DEBIAN-CVE-2007-4455

The SIP channel driver chansip in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i Asterisk Appliance 1.x before 1.0.3 allows remote attackers to cause a denial of service memory exhaustion via a SIP dialog that cause...

5CVSS6.5AI score0.01775EPSS
Exploits0References1
Rows per page
Query Builder