Lucene search
+L

572 matches found

nuclei
nuclei
added 8 hours ago42 views

EyouCms v1.6.2 - Cross-Site Scripting

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...

6.1CVSS6.3AI score0.01224EPSS
Exploits1
nuclei
nuclei
added 8 hours ago95 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
nuclei
nuclei
added 8 hours ago71 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.4AI score0.0114EPSS
Exploits1References2
nvd
nvd
added 2 days ago4 views

CVE-2026-48358

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00903EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago31 views

CVE-2026-48358 Adobe Commerce | Improper Encoding or Escaping of Output (CWE-116)

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS0.00903EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-48358

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability (CWE-116) that could lead to arbitrary code execution in the context of the current user. The issue enables code execution without user interaction and is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I...

10CVSS6.5AI score0.00903EPSS
Exploits0References1Affected Software1
mscve
mscve
added 2 days ago4 views

.NET Spoofing Vulnerability

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network...

6.5CVSS6.1AI score0.00415EPSS
Exploits0
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58807

Name of the Vulnerable Software and Affected Versions .NET versions prior to 8.0.29 .NET versions prior to 9.0.18 .NET versions prior to 10.0.10 Description Improper encoding or escaping of output allows an authorized attacker to perform spoofing over a network by manipulating output in transit...

6.5CVSS6.1AI score0.00415EPSS
Exploits0References3
redos
redos
added 2026/06/29 12:0 a.m.5 views

ROS-20260629-73-0006

The vulnerability in ImageMagick 7 is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

9.2CVSS6AI score0.00895EPSS
Exploits0
osv
osv
added 2026/06/26 1:11 a.m.4 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

4.7CVSS5.9AI score0.00224EPSS
Exploits1References3
nessus
nessus
added 2026/06/25 12:0 a.m.11 views

Tridium Niagara Improper Encoding or Escaping of Output (CVE-2025-3942)

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References2
osv
osv
added 2026/06/23 10:9 p.m.6 views

CVE-2026-56785 FlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS6AI score0.00243EPSS
Exploits0References5
nvd
nvd
added 2026/06/20 7:16 p.m.16 views

CVE-2026-56347

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS0.00167EPSS
Exploits0References2
euvd
euvd
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38134

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS5.7AI score0.00167EPSS
Exploits0References2
ibm
ibm
added 2026/06/17 3:30 p.m.15 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-29146 DESCRIPTION: Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1...

7.5CVSS5.4AI score0.0504EPSS
Exploits1Affected Software1
ibm
ibm
added 2026/06/15 10:17 p.m.8 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)

Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...

7.5CVSS6.8AI score0.00469EPSS
Exploits0Affected Software1
snyk
snyk
added 2026/06/12 9:0 p.m.9 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
nvd
nvd
added 2026/06/10 5:16 p.m.16 views

CVE-2026-46609

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...

4.6CVSS0.00136EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2026/06/08 12:0 a.m.3 views

The vulnerability of the Go programming language lies in improper encoding or encapsulation of output data, allowing attackers to gain access to and modify these data.

The vulnerability of the Go programming language is related to incorrect encoding or escaping of output data when processing the tag’s type attribute. Exploiting this vulnerability can allow an attacker to gain read and modify access to data remotely...

6.4CVSS5.7AI score0.00371EPSS
Exploits0References6Affected Software2
osv
osv
added 2026/06/05 9:46 p.m.7 views

GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.4CVSS5.6AI score0.00269EPSS
Exploits0References5
Rows per page
Query Builder