Lucene search
K

354 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-22398

Malicious code in bioql PyPI...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-25000

Malicious code in bioql PyPI...

7.5CVSS7.1AI score0.01007EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-29306

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-39039

Malicious code in bioql PyPI...

9.1CVSS8.5AI score0.01318EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7773

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00615EPSS
Exploits0References5
NVD
NVD
added 2025/09/03 3:15 p.m.4 views

CVE-2025-9823

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS0.00289EPSS
Exploits0References1
OSV
OSV
added 2025/09/03 2:33 p.m.2 views

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

4.8CVSS6.1AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.5 views

PT-2025-35773

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because...

4.8CVSS5.1AI score0.00289EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.8 views

DeepSeek R1 安全漏洞

DeepSeek R1 is a large language modeling and AI technology platform from China-based DeepSeek. A security vulnerability exists in DeepSeek R1 V3.1 and earlier versions, which stems from the unspecified input field is vulnerable to cross-site scripting attacks and could lead to the execution of...

8.8CVSS6.3AI score0.0054EPSS
Exploits1References5
OSV
OSV
added 2025/07/31 1:48 p.m.7 views

CVE-2025-54589 copyparty Reflected XSS via Filter Parameter

Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a block without proper escaping...

6.3CVSS5.7AI score0.02393EPSS
Exploits3References5
CNVD
CNVD
added 2025/07/04 12:0 a.m.14 views

WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17300)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Nome/Sobrenome in the file /html/funcionario/cadastrofuncionario.php, for which no detailed...

5.1CVSS6.3AI score0.0031EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/19 1:10 a.m.7 views

CVE-2025-48993

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...

5.3CVSS5.5AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.7 views

CVE-2024-37156

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

6.1CVSS6.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:40 a.m.8 views

CVE-2024-31065

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field...

6.1CVSS7.4AI score0.00835EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.9 views

CVE-2024-31062

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field...

6.3CVSS7.4AI score0.00824EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:30 a.m.7 views

CVE-2024-48396

AIML Chatbot 1.0 fixed in 2.0 is vulnerable to Cross Site Scripting XSS. The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts...

6.1CVSS6.5AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.11 views

CVE-2022-28508

An XSS issue was discovered in browsersearchplugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...

6.1CVSS6AI score0.05227EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.4 views

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

6.1CVSS6.7AI score0.02308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.6 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS7AI score0.0558EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 a.m.5 views

CVE-2018-20370

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

5.4CVSS6.2AI score0.00515EPSS
Exploits2References1
Rows per page
Query Builder