Lucene search
K

403 matches found

Nuclei
Nuclei
added 13 hours ago63 views

G Auto-Hyperlink <= 1.0.1 - SQL Injection

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection id: CVE-2021-24627 info: name: G Auto-Hyperlink = 1.0.1 - SQL...

7.2CVSS7AI score0.06561EPSS
Exploits2References4
NVD
NVD
added 2 days ago7 views

CVE-2026-57245

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-57245

Foxit PDF Editor/Reader contains a use-after-free vulnerability in the handling of hyperlink annotations when opening and traversing annotation elements. The issue can lead to an invalid state and an invalid pointer write during destruction, causing a crash. CVSSv3.1 base score 7.8 ( HIGH ) with ...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-57245

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42207

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51455

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...

4.2CVSS6.7AI score0.00286EPSS
Exploits0References6
NVD
NVD
added 2026/05/18 8:16 p.m.27 views

CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

4.6CVSS0.00104EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/18 7:31 p.m.39 views

CVE-2026-47090 Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

4.6CVSS0.00104EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:31 p.m.12 views

CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

4.6CVSS6AI score0.00104EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.16 views

Claude HUD 安全漏洞

Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of raw cwd and branchUrl values to construct OSC 8 terminal...

4.6CVSS6.1AI score0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41730

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description The software constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values. This allows attackers t...

4.6CVSS5.9AI score0.00104EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:1 a.m.9 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS6.4AI score0.00394EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:42 p.m.9 views

i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes

Summary Versions of i18nextify prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in src/localize.js replaceInside handler around line 122 only guards against a duplicated http:// origin prefix ...

4.7CVSS5.9AI score0.00144EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/10 5:42 p.m.24 views

CVE-2026-32893 Chamilo LMS has Reflected XSS via Unsanitized http_build_query() in Exercise Question List Pagination

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting XSS vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $GET parameters v...

5.4CVSS0.00141EPSS
Exploits0References2
Circl
Circl
added 2026/04/09 10:30 p.m.5 views

CVE-2026-25397

creationtimestamp| type| source ---|---|--- 2026-04-09 22:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mj3ubjhrfv2k...

7.5CVSS5.7AI score0.00431EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/07 8:17 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...

4.8CVSS5.7AI score0.00176EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.3 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

4.6CVSS5.8AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

OpenProject 跨站脚本漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper Markdown rendering validation in OpenProject, especially in the handling of hyperlinks. It could allow...

6.5CVSS5.6AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 5:40 p.m.11 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

4.6CVSS0.00165EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.9 views

Flarum 安全漏洞

Flarum is an open-source forum software developed by Flarum for building communities. There is a security vulnerability in Flarum. This vulnerability arises when the flarum/nicknames extension is enabled, allowing registered users to set their nicknames as strings that can be interpreted by email...

4.6CVSS5.8AI score0.00165EPSS
Exploits0References4
Rows per page
Query Builder