Lucene search

12 matches found

Cvelist
added 2026/03/05 9:59 p.m. · 25 views

CVE-2026-28394 OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool

OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...

6.9 CVSS · 0.00388 EPSS
Exploits 0 · References 3
EUVD
added 2026/02/06 6:17 a.m. · 6 views

EUVD-2026-5678

A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL that, if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through...

7.1 CVSS · 5.4 AI score · 0.00263 EPSS
Exploits 1 · References 2
Cvelist
added 2026/01/20 11:33 a.m. · 22 views

CVE-2025-40644 Reflected Cross-Site Scripting (XSS) in QRGen's Riftzilla

Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...

5.1 CVSS · 0.00318 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2025-32121

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00181 EPSS
Exploits 0 · References 2
Cvelist
added 2025/10/02 2:46 p.m. · 8 views

CVE-2025-59772 Multiple vulnerabilities in AndSoft's e-TMS

Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

5.1 CVSS · 0.00181 EPSS
Exploits 0 · References 1
CVE
added 2025/10/02 2:35 p.m. · 11 views

CVE-2025-59762

CVE-2025-59762 is a reflected XSS in AndSoft e-TMS v25.03. The vulnerability stems from insufficient validation of the parameters l, demo, demo2, TNTLOGIN, UO and SuppConn in /clt/LOGINFRM_DLG.ASP, enabling an attacker to inject JavaScript via a malicious URL. Documented across NVD/CVE records an...

6.1 CVSS · 6.1 AI score · 0.00181 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/08/12 12:0 a.m. · 5 views

PT-2025-32604 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: SAP NetWeaver Application Server for ABAP is susceptible to a cross-site scripting issue. An unauthenticated attacker can create a URL containing a malicio...

6.1 CVSS · 6.5 AI score · 0.00205 EPSS
Exploits 0 · References 6
Snyk
added 2025/07/07 9:55 a.m. · 2 views

Improper Validation of Syntactic Correctness of Input

Overview: transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via improper handling of user-supplied URLs by using the startswith method in imageutils.py. An...

5.1 CVSS · 6.8 AI score · 0.00329 EPSS
Exploits 1 · References 2
CNNVD
added 2024/07/03 12:0 a.m. · 4 views

Discourse Security Breach

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email and chat room features. Discourse suffers from a security vulnerability that stems from a carefully crafted malicious URL that degrades availability and leads to a denial o...

7.5 CVSS · 6.7 AI score · 0.0059 EPSS
Exploits 0 · References 5
OSV
added 2022/08/01 10:15 p.m. · 17 views

PYSEC-2022-248

Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...

6.5 CVSS · 6.5 AI score · 0.01323 EPSS
Exploits 0 · References 2
OSV
added 2019/04/24 9:29 p.m. · 1 views

CVE-2019-8995

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user...

6.1 CVSS · 5.8 AI score · 0.01137 EPSS
Exploits 0 · References 3
CNVD
added 2017/12/07 12:0 a.m. · 2 views

Zhejiang Dahua Network Hard Disk Recorder DH-NVR2104HS-S1 has logical design loopholes

Zhejiang Dahua Network DVR DH-NVR2104HS-S1 is a network DVR that integrates 4-channel 10/100Mbps switch ports and supports 1080P HD real-time preview and so on. A logical design vulnerability exists in the Zhejiang Dahua Network DVR DH-NVR2104HS-S1. An attacker can use the vulnerability...

6.9 AI score
Exploits 0