Lucene search
K

273 matches found

OSV
OSV
added 2025/03/07 8:58 p.m.8 views

BIT-MODSECURITY2-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...

7.9CVSS7.3AI score0.00465EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/03/03 12:0 a.m.5 views

The vulnerability of the Libmodsecurity3 network firewall library for protecting web applications with ModSecurity allows attackers to circumvent existing security restrictions.

The vulnerability of the Libmodsecurity3 network firewall library for protecting web applications with ModSecurity is related to incorrect processing of HTML entities during decoding. Exploiting this vulnerability allows an attacker to bypass existing security restrictions by sending HTML entitie...

7.8CVSS7.5AI score0.00465EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2025/03/01 2:52 a.m.2 views

SUSE CVE-2025-27110

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...

8.6CVSS6.8AI score0.00465EPSS
Exploits1References4
NVD
NVD
added 2025/02/25 8:15 p.m.20 views

CVE-2025-27110

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...

7.9CVSS0.00465EPSS
Exploits1References2
OSV
OSV
added 2025/02/25 8:15 p.m.1 views

DEBIAN-CVE-2025-27110

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...

7.5CVSS7.9AI score0.00465EPSS
Exploits1References1
OSV
OSV
added 2025/02/25 8:0 p.m.6 views

CVE-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...

7.9CVSS7.6AI score0.00465EPSS
Exploits1References4
CVE
CVE
added 2025/02/25 8:0 p.m.104 views

CVE-2025-27110

Libmodsecurity3 contains a vulnerability in version 3.0.13 where encoded HTML entities with leading zeroes are not decoded correctly. A fixed release is 3.0.14. Several advisories (Fedora, openSUSE/SUSE, OpenVAS/NASL entries) reference CVE-2025-27110 and mandate/update to 3.0.14 to remediate. The...

7.9CVSS6.9AI score0.00465EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.6 views

ModSecurity 安全漏洞

ModSecurity is an open source, cross-platform web application firewall WAF engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version 3.0.13, which stems from an inability to decode encoded HTML entities containing leading zeros...

7.9CVSS8.3AI score0.00465EPSS
Exploits1References5
Veracode
Veracode
added 2025/02/11 7:15 a.m.7 views

Cross-Site Scripting (XSS)

@nuxtjs/mdc is vulnerable to cross-site scripting XSS. The vulnerability is due to a deny-list approach in URL parsing that fails to properly filter encoded HTML entities, allowing an attacker to bypass security checks and execute arbitrary JavaScript...

9.3CVSS9AI score0.0066EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/07 10:38 p.m.14 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

7.8CVSS7.8AI score0.0047EPSS
Exploits1References4
OSV
OSV
added 2025/02/07 10:38 p.m.12 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

7.8CVSS7.6AI score0.0047EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/01/14 10:39 p.m.4 views

CVE-2024-54142 Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...

9CVSS8.8AI score0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/14 10:39 p.m.15 views

CVE-2024-54142 Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...

9CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2025/01/14 10:39 p.m.48 views

CVE-2024-54142

CVE-2024-54142 concerns the Discourse AI plugin for Discourse. When sharing Discourse AI Bot conversations into posts, HTML entities in the conversation could leak into the application when a user visits a post with a onebox, enabling cross-site scripting via user-visible content. The issue is ti...

9CVSS8.9AI score0.00406EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.5 views

Discourse AI 跨站脚本漏洞

Discourse AI is an open source AI plugin for Discourse. Discourse AI suffers from a cross-site scripting vulnerability that stems from the fact that when sharing a Discourse AI Bot conversation into a post, if there are HTML entities in the conversation, these entities may be leaked to the...

9CVSS5.9AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.8 views

PT-2025-3019 · Discourse · Discourse Ai

Name of the Vulnerable Software and Affected Versions: Discourse AI affected versions not specified Description: The issue concerns the Discourse AI plugin, which provides AI features. When sharing conversations from the Discourse AI Bot into posts, HTML entities from the conversation could leak...

9CVSS6.7AI score0.00406EPSS
Exploits0References8
Veracode
Veracode
added 2025/01/03 3:24 a.m.7 views

Denial Of Service (DoS)

Django is vulnerable to a denial-of-service DoS attack. The vulnerability is due to the striptags method and striptags template filter failing to handle inputs with large sequences of nested incomplete HTML entities, allowing an attacker to perform a DoS attack with specially crafted inputs...

7.5CVSS6.4AI score0.01398EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2024/12/13 1:18 p.m.1 views

OESA-2024-2543 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability was found in the Django Web Framework. The striptags and stripbtags template filter may be vulnerable to a potential denial of service DoS in cases of a large sequence ...

9.8CVSS7.6AI score0.01424EPSS
Exploits0References3
OSV
OSV
added 2024/12/13 1:18 p.m.4 views

OESA-2024-2541 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability was found in the Django Web Framework. The striptags and stripbtags template filter may be vulnerable to a potential denial of service DoS in cases of a large sequence ...

9.8CVSS7.6AI score0.01424EPSS
Exploits0References3
OSV
OSV
added 2024/12/13 1:18 p.m.2 views

OESA-2024-2539 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability was found in the Django Web Framework. The striptags and stripbtags template filter may be vulnerable to a potential denial of service DoS in cases of a large sequence ...

9.8CVSS7.6AI score0.01424EPSS
Exploits0References3
Rows per page
Query Builder