Lucene search
K

218 matches found

Cvelist
Cvelist
added 2026/02/12 10:48 p.m.25 views

CVE-2019-25330 SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS0.00314EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.8 views

PT-2026-7929

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS5.6AI score0.00314EPSS
Exploits0References5
OSV
OSV
added 2026/01/22 3:31 a.m.6 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS5.4AI score0.00227EPSS
Exploits1References4
CVE
CVE
added 2026/01/22 3:31 a.m.17 views

CVE-2026-24037

Horilla HRMS has_XSS bypass in version 1.4.0 due to incomplete, context-agnostic regex filtering in has_xss(), enabling attackers to redirect users, run external JavaScript, and steal CSRF tokens for admin-targeted CSRF attacks. The issue is fixed in version 1.5.0. Affected: Horilla 1.4.x → fixed...

5.4CVSS5.3AI score0.00227EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 3:31 a.m.3 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS5.3AI score0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/22 3:31 a.m.27 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS0.00227EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.6 views

CVE-2019-20008

In Archery before 1.3, inserting an XSS payload into a project name either by creating a new project or editing an existing one will result in stored XSS on the vulnerability-scan scheduling page...

5.4CVSS5.8AI score0.00761EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 5:44 p.m.13 views

CVE-2025-59158

CVE-2025-59158 affects Coolify, a self-hosted application management platform. Version scope: vulnerable when using versions up to and including v4.0.0-beta.420.6; a stored cross-site scripting (XSS) flaw exists in the project creation workflow. An authenticated user with low privileges (e.g., me...

9.4CVSS5.2AI score0.00474EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/01/05 5:44 p.m.4 views

CVE-2025-59158 Coolify has Stored XSS in Project Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....

9.4CVSS5.5AI score0.00474EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/05 5:44 p.m.27 views

CVE-2025-59158 Coolify has Stored XSS in Project Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....

9.4CVSS0.00474EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.5 views

PT-2026-1314

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.420.7 Description Coolify is a self-hostable tool for managing servers, applications, and databases. A stored cross-site scripting XSS issue exists in the project creation workflow. An authenticated user wi...

9.4CVSS5.4AI score0.00474EPSS
Exploits1References5
OSV
OSV
added 2025/11/06 11:48 p.m.7 views

GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00174EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/11/06 11:48 p.m.12 views

Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00174EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/20 8:3 p.m.3 views

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

5.4CVSS6.3AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-7035

Malware in sbrugna...

4.3CVSS6.4AI score0.01927EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0105

Malware in sbrugna...

5.4CVSS5.6AI score0.00761EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6906

Malware in sbrugna...

4.3CVSS6.4AI score0.03435EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7584

Malware in sbrugna...

5.4CVSS5.6AI score0.00539EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-1926

Malware in sbrugna...

5.4CVSS5.5AI score0.0101EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-50690

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00414EPSS
Exploits1References3
Rows per page
Query Builder