118 matches found

RedhatCVE
added 2026/01/09 11:23 a.m. | 7 views

CVE-2021-31643

An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter...

CVSS 5.4 | AI score 6.1 | EPSS 0.8845
Exploits: 4 | References: 1

Positive Technologies
added 2025/12/24 12:0 a.m. | 4 views

PT-2025-53294

Name of the Vulnerable Software and Affected Versions: Specto CM versions prior to 17032025. Description: Specto CM contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into...

CVSS 5.4 | AI score 6 | EPSS 0.00138
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-18529

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.05125
Exploits: 4 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-0119

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02105
Exploits: 1 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-0466

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01744
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-59267

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00207
Exploits: 2 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-25045

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00292
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-34685

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.3 | EPSS 0.00493
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-51709

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7 | EPSS 0.00983
Exploits: 2 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-11520

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 8.9 | EPSS 0.00219
Exploits: 1 | References: 3

Rapid7 Blog
added 2025/05/29 12:0 p.m. | 16 views

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...

CVSS 9.4 | AI score 8.6 | EPSS 0.1172
Exploits: 0

RedhatCVE
added 2025/05/22 5:25 a.m. | 8 views

CVE-2019-7552

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile Section. This is due to lack of sanitization in the Edit Name section...

CVSS 5.4 | AI score 5.9 | EPSS 0.00707
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/15 8:7 p.m. | 11 views

CVE-2024-13616 VikBooking < 1.7.2 - Admin+ Stored XSS

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...

AI score 4.7 | EPSS 0.00266
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/30 12:43 a.m. | 16 views

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

CVSS 7.2 | AI score 7.2 | EPSS 0.00217
Exploits: 0 | References: 1

OSV
added 2025/03/28 10:15 p.m. | 10 views

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

CVSS 6.1 | AI score 7.1
Exploits: 0 | References: 2

Cvelist
added 2025/01/30 1:41 p.m. | 18 views

CVE-2024-11600 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.6.0 via the 'writeconfig' function. This is due to a lack of sanitization on an imported JSON file. This makes it...

CVSS 7.2 | EPSS 0.01277
Exploits: 0 | References: 5

BDU FSTEC
added 2024/12/18 12:0 a.m. | 6 views

The vulnerability of the SimpleXLSX file reading extension lies in the lack of sanitization, allowing an attacker to execute arbitrary code.

The vulnerability of the SimpleXLSX file reading extension is related to the lack of sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 6.8 | AI score 5.9
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/12/06 12:0 a.m. | 5 views

PT-2025-3119

Name of the Vulnerable Software and Affected Versions: Umbraco CMS version 14.3.1. Description: A stored cross-site scripting (XSS) vulnerability in Umbraco CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is only possible via authenticated users who have...

CVSS 6.5 | AI score 5.4 | EPSS 0.00309
Exploits: 1 | References: 17

Github Security Blog
added 2024/08/05 9:29 p.m. | 25 views

Flowise Path Injection at /api/v1/openai-assistants-file

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS 7.5 | AI score 6.7 | EPSS 0.01761
Exploits: 3 | References: 4 | Affected Software: 1

CVE
added 2024/07/09 3:33 a.m. | 59 views

CVE-2024-6365

CVE-2024-6365 affects Product Table by WBW for WordPress (wp-plugin). All versions up to 2.0.1 are vulnerable to unauthenticated Remote Code Execution via the saveCustomTitle function, caused by missing authorization and lack of sanitization of appended data in languages/customTitle.php. Impact p...

CVSS 9.8 | AI score 9.8 | EPSS 0.01211
Exploits: 0 | References: 4