Lucene search
K

15824 matches found

RedhatCVE
RedhatCVE
added 2026/06/19 3:49 a.m.8 views

CVE-2026-12047

A flaw was found in pgAdmin 4. An authenticated pgAdmin user can exploit an HTML injection vulnerability in the cloud deployment module. By submitting a crafted input that triggers an SDK exception, an attacker can embed structural HTML directly into the Cloud Wizard's interface. This can lead to...

5.4CVSS5.4AI score0.00137EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 12:16 a.m.16 views

CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

5.4CVSS0.00137EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.35 views

CVE-2026-12047

CVE-2026-12047 – pgAdmin 4 : HTML injection in the cloud deployment module arises when unsanitised exception text (from verify_credentials, deploy, and related endpoints under /rds/, /azure/, /google/, and /cloud/) is echoed into JSON response fields (info/errormsg) and rendered by the Cloud Wiza...

5.4CVSS5.3AI score0.00137EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.6 views

CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

4.8CVSS5.2AI score0.00137EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.36 views

CVE-2026-12047 pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

4.8CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 8:16 a.m.16 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:46 a.m.4 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS5.2AI score0.00171EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/18 6:46 a.m.10 views

EUVD-2026-37858

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS5.2AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50813

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.6 through 9.15 Description HTML injection is possible in the cloud deployment module. The application propagates exception text from AWS, Azure, and Google SDKs, as well as file-resolution and database-commit exceptions,...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 3:16 p.m.12 views

CVE-2026-10850

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...

6.9CVSS0.00165EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50428

Name of the Vulnerable Software and Affected Versions Plane CE version 1.3.1 Description A low-privileged project member can submit arbitrary HTML and JavaScript via the description html field. This occurs when creating an intake work item through the 'API v1 intake' endpoint. Recommendations At...

6.9CVSS5.9AI score0.00165EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/16 7:22 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

9.6CVSS0.00374EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 6:43 a.m.121 views

Exploit for CVE-2026-48849

CVE-2026-48849 - Stored XSS, HTML Injection & CSS Injection in...

4.4CVSS5.6AI score0.00239EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49324

Name of the Vulnerable Software and Affected Versions matze wastebin version 3.4.1 Description An HTML injection issue in the /src/highlight.rs component allows attackers to execute arbitrary scripts using a crafted payload. HTML injection is a process where an attacker inserts malicious HTML cod...

9.6CVSS6.2AI score0.00374EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2026-50883

CVE-2026-50883 refers to an HTML injection in the matze wastebin project (v3.4.1) affecting the internal component /src/highlight.rs . The root cause is not explicitly detailed beyond mention of HTML injection via a crafted payload, leading to arbitrary script execution. The vulnerability is rate...

9.6CVSS5.8AI score0.00374EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2026-45669

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

5.4CVSS0.00164EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.8 views

SUSE CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.2AI score0.00208EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

FreeBSD : Gitlab -- vulnerabilities (ac9bab80-6618-11f1-8e04-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ac9bab80-6618-11f1-8e04-2cf05da270f3 advisory. Gitlab reports: Improper Access Control issue in Group SAML Identity API impacts GitLab EE...

8.7CVSS5.9AI score0.0037EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-49055

Name of the Vulnerable Software and Affected Versions Fabric.js versions prior to 7.4.0 Description Improper escaping of user-controlled input during SVG serialization via the toSVG method can lead to Cross-Site Scripting XSS. Specifically, the color field within the colorStops array of a...

6.1CVSS6AI score0.00194EPSS
Exploits1References8
Rows per page
Query Builder