Lucene search
K

365 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0652

Malicious code in bioql PyPI...

8.1CVSS4.7AI score0.00517EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7040

Malicious code in bioql PyPI...

7.6CVSS6AI score0.00432EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32419

Malicious code in bioql PyPI...

6.8CVSS6.7AI score0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-24367

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00483EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-26452

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00399EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/25 8:27 a.m.6 views

Stored Cross-site Scripting (XSS)

formcms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of uploaded avatar files, which allows an attacker to upload malicious .html files containing JavaScript that execute in a privileged user’s browser when accessed via a public URL...

6.1CVSS5.8AI score0.00198EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/09/15 2:15 p.m.15 views

CVE-2025-56710

A Cross-Site Request Forgery CSRF vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, ...

7.3CVSS0.00183EPSS
Exploits1References1
NVD
NVD
added 2025/09/11 7:15 p.m.30 views

CVE-2025-59053

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

9.6CVSS0.00522EPSS
Exploits0References2
CVE
CVE
added 2025/08/22 12:0 a.m.18 views

CVE-2025-50733

NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/19 8:16 p.m.3 views

Cross-site Scripting (XSS)

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...

6.1CVSS5.5AI score0.0071EPSS
Exploits0References2
NVD
NVD
added 2025/08/19 3:15 p.m.9 views

CVE-2025-51488

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...

4.9CVSS0.00521EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.5 views

PT-2025-31558 · Cs Cart · Cs-Cart

Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This...

6.1CVSS6AI score0.0022EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.4 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a flaw in the V8 engine's handling of malicious HTML pages. An attacker can exploit the vulnerability to trigger heap corruption via specially crafted HTML...

8.8CVSS7.6AI score0.0025EPSS
Exploits0References6
Snyk
Snyk
added 2025/07/14 11:41 p.m.1 views

Cross-site Scripting (XSS)

Overview org.xwiki.rendering:xwiki-rendering-syntax-xhtml is a library for the XWiki Rendering Engine Affected versions of this package are vulnerable to Cross-site Scripting XSS via dependency on xdom+xml/current syntax. An attacker can execute arbitrary JavaScript code in the context of the...

9CVSS5.5AI score0.00325EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/03 4:49 p.m.5 views

Malicious code in 182-23run (npm)

The package is malicious due to HTML injection in index.js redirecting to adult/malicious sites and a YARA match on a suspicious URL...

7.1AI score
Exploits0References1
Cvelist
Cvelist
added 2025/06/27 2:48 p.m.9 views

CVE-2023-38007 IBM Cloud Pak System HTML injection

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...

5.4CVSS0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.9 views

SAP SAPUI5 跨站脚本漏洞

SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A cross-site scripting vulnerability exists in SAP SAPUI5 that originates from allowing the injection of malicious HTML code that could result in a redirection to an attacker-controlled URL...

3CVSS6.3AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.10 views

CVE-2024-22213

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

5.4CVSS6.9AI score0.00505EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.10 views

CVE-2024-0243

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

8.1CVSS7.8AI score0.00517EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:43 a.m.5 views

CVE-2023-20205

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device...

5.4CVSS5.7AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder