Lucene search
K

683 matches found

NVD
NVD
added 2026/04/20 6:16 p.m.6 views

CVE-2026-23753

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...

4.8CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 5:33 p.m.9 views

CVE-2026-23753

GFI HelpDesk

4.8CVSS5.7AI score0.00151EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:33 p.m.4 views

CVE-2026-23753

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...

4.8CVSS5.7AI score0.00151EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.10 views

Joern 4.0.524

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 p.m.6 views

CVE-2024-35644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 12:30 p.m.8 views

EUVD-2024-55469

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 12:15 p.m.3 views

CVE-2024-35644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 11:40 a.m.3 views

CVE-2024-35644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 11:40 a.m.4 views

CVE-2024-35644 WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/06 11:40 a.m.31 views

CVE-2024-35644 WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

WordPress plugin Preferred Languages 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.7AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23670

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.4 views

GoodVibe: Security-By-Vibe for LLM-Based Code Generation

Large language models LLMs are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/25 2:51 p.m.168 views

POC-Generator-Burp_Suite_Extension

🎯 POC Generator - Burp Suite Extension From vulnerability...

6.1AI score
Exploits0
OSV
OSV
added 2026/01/20 9:3 a.m.6 views

RLSA-2026:0756 Moderate: transfig security update

The transfig utility creates a makefile which translates FIG created by xfig or PIC figures into a specified LaTeX graphics language for example, PostScriptTM. Transfig is used to create TeX documents which are portable i.e., they can be printed in a wide variety of environments. Install transfig...

7.8CVSS6.5AI score0.00249EPSS
Exploits1References2
Fedora
Fedora
added 2026/01/18 1:45 a.m.6 views

[SECURITY] Fedora 42 Update: musescore-4.3.2-20.fc42

MuseScore is a free cross platform WYSIWYG music notation program. Some highlights: WYSIWYG, notes are entered on a "virtual note sheet" Unlimited number of staves Up to four voices per staff Easy and fast note entry with mouse, keyboard or MIDI Integrated sequencer and FluidSynth software...

7.5CVSS6.9AI score0.00414EPSS
Exploits1
Fedora
Fedora
added 2026/01/08 1:28 a.m.7 views

[SECURITY] Fedora 43 Update: python-pdfminer-20251230-1.fc43

Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...

8.6CVSS6.4AI score0.00281EPSS
Exploits1
GithubExploit
GithubExploit
added 2025/12/24 6:36 a.m.291 views

PoC-Analyzer

PoC Analyzer Proof-of-Concept Malicious Intent Detector !P...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/18 12:0 a.m.28 views

A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection

As large language models LLMs are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...

7.2AI score
Exploits0
Veracode
Veracode
added 2025/12/13 6:43 a.m.5 views

Denial Of Service (DoS)

getgrav/grav is vulnerable to Denial of Service DoS. The vulnerability is due to improper input validation in the “Supported” parameter of the Languages submenu, which allows an attacker to supply malformed input that triggers a fatal regular expression parsing error via the pregmatch function...

6.9CVSS5.9AI score0.00337EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder