Lucene search
+L

316 matches found

EUVD
EUVD
added 2026/02/25 10:1 p.m.7 views

EUVD-2026-8749

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module...

6.1CVSS5.3AI score0.00221EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.15 views

PT-2026-22026

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description Vikunja, a self-hosted task management platform, has a reflected HTML injection issue in the Projects module. The filter URL parameter is rendered into the DOM without proper output encoding when a...

9.9CVSS5.4AI score0.22162EPSS
Exploits70References140
OSV
OSV
added 2026/02/24 1:1 a.m.6 views

CVE-2026-25797 ImageMagick vulnerable to Code injection via PostScript header in ps coders

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a...

5.7CVSS6.1AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.9 views

ImageMagick 代码注入漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-15 and 6.9.13-40 contained a code injection vulnerability. This vulnerability stemmed from the ps...

5.7CVSS7.4AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21603

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description ImageMagick is software used for editing and manipulating digital images. The ps coders, which handle PostScript files, do not properly sanitize input...

7.5CVSS7.8AI score0.00501EPSS
Exploits0References164
OSV
OSV
added 2026/02/19 10:50 p.m.10 views

CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...

5.4CVSS6.2AI score0.00294EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/17 8:13 p.m.7 views

CVE-2025-14289 IBM webMethods Integration Server is vulnerable to HTML injection

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.11 views

IBM webMethods Integration Server 安全漏洞

IBM webMethods Integration Server is an application connector from International Business Machines IBM. An HTML injection vulnerability exists in IBM webMethods Integration Server version 12.0. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML...

5.4CVSS6AI score0.00162EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/02/16 12:22 a.m.16 views

PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger

A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...

5.7AI score
Exploits0
NVD
NVD
added 2026/02/12 11:16 p.m.7 views

CVE-2019-25323

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and...

6.1CVSS0.0022EPSS
Exploits0References4
NVD
NVD
added 2026/02/12 11:16 p.m.17 views

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

6.1CVSS0.0022EPSS
Exploits0References4
CVE
CVE
added 2026/02/12 10:48 p.m.15 views

CVE-2019-25323

Heatmiser Netmonitor v3.03 is affected by an HTML injection in the outputSetup.htm page via the outputtitle parameter. The vulnerability allows an attacker to craft POST requests to inject arbitrary HTML and potentially alter the web interface’s displayed content. The CVE description specifies a ...

6.1CVSS6AI score0.0022EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.5 views

CVE-2019-25323 Heatmiser Netmonitor 3.03 - HTML Injection

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and...

6.1CVSS6AI score0.0022EPSS
Exploits0References4
OSV
OSV
added 2026/02/11 12:0 a.m.11 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/10 7:22 p.m.5 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

5.4CVSS5.6AI score0.00203EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 8:15 p.m.16 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

5.4CVSS0.00203EPSS
Exploits1References4
NVD
NVD
added 2026/02/03 7:16 p.m.14 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

6.1CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 7:9 p.m.6 views

EUVD-2026-5183

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS5.5AI score0.00188EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.6 views

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.12 views

Cacti security vulnerabilities

Cacti is a set of open-source network traffic monitoring and analysis tools developed by the Cacti team. This tool retrieves data using SNMPGet, generates graphs with RRDTool for analysis, and provides features for data management and user administration. Cacti versions 1.2.29 and earlier contain...

5.4CVSS5.8AI score0.002EPSS
Exploits1References2
Rows per page
Query Builder