Lucene search
K

7 matches found

OSV
OSV
added 2026/06/12 3:49 p.m.4 views

CVE-2026-7184 Mattermost Remote Cluster PATCH API Leaks Authentication Tokens

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...

6.5CVSS6AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46114

Name of the Vulnerable Software and Affected Versions Anti-Spam by CleanTalk versions 0.0.0 through 9.7.1 Description Reflected Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize API response messages before rendering them in HTML output. Specifically, the cleantalk di...

6.2AI score0.00161EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : ruby-2.0.0.648-33.0.1.el7.AXS7 (AXSA:2018-2583:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2583:01 advisory. It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploi...

9.8CVSS8.7AI score0.73829EPSS
Exploits14References12
RedhatCVE
RedhatCVE
added 2025/05/23 5:43 a.m.14 views

CVE-2023-39150

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387...

9.8CVSS7.6AI score0.00866EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.6 views

CVE-2024-48648

A Reflected Cross-Site Scripting XSS vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding...

5.7AI score0.00325EPSS
Exploits2References1
OSV
OSV
added 2020/08/21 9:15 p.m.5 views

UBUNTU-CVE-2020-8227

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...

6.8CVSS5.8AI score0.2245EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2009/11/04 12:0 a.m.26 views

e-Courier CMS Cross Site Scripting

Vendor: e-Courier http://www.ecouriersoftware.com/ Product: CMS Tracking Site Issue: Cross-Site Scripting. Description: Nearly all pages include the URI Parameter UserGUID, which is not sanitized before being included in the response. Example:...

7.4AI score
Exploits0
Rows per page
Query Builder