Lucene search
K

564 matches found

Nuclei
Nuclei
added yesterday42 views

EyouCms v1.6.2 - Cross-Site Scripting

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...

6.1CVSS6.3AI score0.01224EPSS
Exploits1
Nuclei
Nuclei
added yesterday95 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday71 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.4AI score0.0114EPSS
Exploits1References2
Redos
Redos
added 2026/06/29 12:0 a.m.5 views

ROS-20260629-73-0006

The vulnerability in ImageMagick 7 is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

9.2CVSS6AI score0.00895EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Tridium Niagara Improper Encoding or Escaping of Output (CVE-2025-3942)

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 7:16 p.m.16 views

CVE-2026-56347

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38134

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS5.7AI score0.00167EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:30 p.m.13 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-29146 DESCRIPTION: Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1...

7.5CVSS5.4AI score0.0504EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:17 p.m.8 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)

Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...

7.5CVSS6.8AI score0.00469EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/12 9:0 p.m.8 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
NVD
NVD
added 2026/06/10 5:16 p.m.16 views

CVE-2026-46609

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...

4.6CVSS0.00136EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/06/08 12:0 a.m.3 views

The vulnerability of the Go programming language lies in improper encoding or encapsulation of output data, allowing attackers to gain access to and modify these data.

The vulnerability of the Go programming language is related to incorrect encoding or escaping of output data when processing the tag’s type attribute. Exploiting this vulnerability can allow an attacker to gain read and modify access to data remotely...

6.4CVSS5.7AI score0.00371EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/05 9:46 p.m.15 views

Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.6AI score0.00037EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/05 9:46 p.m.7 views

GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.6AI score0.00037EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

6.1CVSS5AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.8 views

CVE-2024-4867

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

5.4CVSS5.2AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.16 views

CVE-2026-36460

CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...

4.8CVSS5.8AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:0 a.m.17 views

EUVD-2026-34140

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

5.8AI score0.0018EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/28 7:7 p.m.68 views

LTD_Communication

LTD Communication — Cybersecurity Course Project Vulnerable...

6AI score
Exploits0
Snyk
Snyk
added 2026/05/27 9:41 a.m.8 views

Improper Encoding or Escaping of Output

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the UrlGenerator due to incorrectly encoding chained dot-segments ../ or ./. The legacy...

6.9CVSS5.8AI score0.00026EPSS
Exploits0References2
Rows per page
Query Builder