Lucene search
+L

389 matches found

OSV
OSV
added 2026/05/15 6:30 p.m.7 views

GHSA-CH4J-VCF5-58X5 Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:33 p.m.6 views

CVE-2026-23695

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 4:33 p.m.12 views

EUVD-2026-30556

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 p.m.12 views

CVE-2026-32687

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.8CVSS0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 2:18 p.m.37 views

CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS0.00198EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 2:18 p.m.4 views

CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS6.1AI score0.00198EPSS
Exploits0References9
OSV
OSV
added 2026/05/12 2:18 p.m.13 views

EEF-CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3

Summary Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS6.2AI score0.00198EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.12 views

FreeMOCA: Memory-Free Continual Learning for Malicious Code Analysis

As over 200 million new malware samples are identified each year, antivirus systems must continuously adapt to the evolving threat landscape. However, retraining solely on new samples leads to catastrophic forgetting and exploitable blind spots, while retraining on the entire dataset incurs...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/07 7:16 p.m.28 views

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS0.00242EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/04 9:19 p.m.20 views

AzuraCast Vulnerable to Liquidsoap Code Injection via Incomplete cleanUpString-to-toRawString Migration in Remote Relay Password Field

Summary The cleanUpString method in ConfigWriter.php uses an ungreedy regex to strip Liquidsoap string interpolation patterns ... from user input. This regex can be bypassed via nested interpolation syntax EXPR, allowing injection of arbitrary Liquidsoap code. Commit ff49ef4 migrated most...

6.4AI score
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/04 6:39 p.m.35 views

CVE-2026-42237

CVE-2026-42237 affects n8n, where the Snowflake node and the legacy MySQL v1 node interpolate user-controlled identifiers (table/column names, update keys) into SQL queries without proper escaping, enabling SQL injection against the connected database. The issue existed prior to versions 1.123.32...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.10 views

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 5:6 p.m.32 views

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:6 p.m.3 views

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS5.7AI score0.003EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/04 5:6 p.m.6 views

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS5.7AI score0.003EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

beets 跨站脚本漏洞

Beets is an open-source music collection management and metadata optimization tool developed by Beetbox. Versions of Beets prior to 2.10.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web UI’s use of the Underscore template interpolation pattern for handling...

6CVSS5.7AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 6:29 p.m.5 views

GHSA-3GXM-WFJX-M847 beets has a Cross-site Scripting vulnerability

During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

6CVSS6AI score0.003EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/29 6:29 p.m.13 views

beets has a Cross-site Scripting vulnerability

During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

6CVSS5.6AI score0.003EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:52 p.m.6 views

CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

4.6CVSS5.9AI score0.00193EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-37153

Name of the Vulnerable Software and Affected Versions i18next-fs-backend versions prior to 2.6.4 Description i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath and addPath templates to read or write files from the disk. Because this interpolation is...

8.2CVSS6AI score0.00292EPSS
Exploits0References4
Rows per page
Query Builder