Lucene search
+L

192 matches found

nvd
nvd
added 2 days ago6 views

CVE-2026-47730

Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName into HTML output without escaping, allowing attacker-controlled template or profile names to inject arbitrary HTML when a browser renders the profiler dum...

5.4CVSS0.00269EPSS
Exploits0References3
nuclei
nuclei
added 2 days ago103 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits5References5
nessus
nessus
added 2 days ago2 views

openSUSE 16 Security Update : perl-DBI (openSUSE-SU-2026:21293-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21293-1 advisory. This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead...

9.1CVSS6.3AI score0.00498EPSS
Exploits0References6
osv
osv
added 6 days ago2 views

OPENSUSE-SU-2026:21293-1 Security update for perl-DBI

This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead to arbitrary Perl code execution bsc1271018. - CVE-2026-14740: one-byte out-of-bounds read when deleting an initial SQL comment line can lead to a proce...

9.1CVSS6.3AI score0.00498EPSS
Exploits0References4
nvd
nvd
added 2026/06/22 4:16 p.m.13 views

CVE-2026-11943

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS0.00261EPSS
Exploits0References2
osv
osv
added 2026/06/22 3:30 p.m.3 views

CVE-2026-11943 Akaunting 3.1.21 - Authenticated stored XSS in document timeline

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS5.8AI score0.00261EPSS
Exploits0References4
euvd
euvd
added 2026/06/22 3:30 p.m.8 views

EUVD-2026-38270

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
cve
cve
added 2026/06/22 3:30 p.m.24 views

CVE-2026-11943

CVE-2026-11943 affects Akaunting 3.1.21 and is an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name, which can be reflected in the UI. The CVSS4 vector ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/07 12:43 a.m.13 views

CVE-2026-44724

A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References4
osv
osv
added 2026/06/05 9:46 p.m.7 views

GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.4CVSS5.6AI score0.00269EPSS
Exploits0References5
github
github
added 2026/06/05 9:46 p.m.15 views

Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.4CVSS5.6AI score0.00269EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/05/27 7:26 p.m.2 views

CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS6AI score0.0062EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/27 7:26 p.m.10 views

CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References1
euvd
euvd
added 2026/05/27 7:26 p.m.13 views

EUVD-2026-32639

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References1
patchstack
patchstack
added 2026/05/13 3:29 p.m.9 views

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces via unsanitized NetworkManager connection profile name vulnerability discovered by ? in WordPress Npm systeminformation versions = 4.17.0, = 5.31.5...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/04/07 5:3 p.m.5 views

CVE-2026-34989

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS5.8AI score0.00297EPSS
Exploits1References1
nvd
nvd
added 2026/04/06 5:17 p.m.11 views

CVE-2026-34989

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS0.00297EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/04/06 4:25 p.m.2 views

CVE-2026-34989 CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS5.8AI score0.00297EPSS
Exploits1References1
cvelist
cvelist
added 2026/04/06 4:25 p.m.24 views

CVE-2026-34989 CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS0.00297EPSS
Exploits1References1
osv
osv
added 2026/04/06 4:25 p.m.3 views

CVE-2026-34989 CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name e.g., full name / username. An...

9.4CVSS5.9AI score0.00297EPSS
Exploits1References3
Rows per page
Query Builder