Lucene search
K

1237 matches found

NVD
NVD
added 5 days ago9 views

CVE-2025-58146

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS0.00137EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2025-58146 XAPI UTF-8 string handling

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS0.00137EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210446

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 5 days ago36 views

CVE-2025-58146

CVE-2025-58146 affects Xen/XAPI: three issues in UTF-8 handling and input sanitisation of XAPI database. (1) Unsanitised input used for notifications can terminate the database event thread and stop processing. (2) UTF-8 encoder aligns with Unicode v3.0 while libraries use v3.1, allowing strings ...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-49147 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

0.00329EPSS
Exploits0References1
CVE
CVE
added 6 days ago20 views

CVE-2026-49147

App::Ack for Perl, up to version 3.10.0, is affected by a vulnerability where terminal control bytes in filenames can be emitted un-sanitised in several output modes. The root cause is that while a _safe_filename helper was added in 3.10.0 to sanitise filenames for -f, -g, the colored match headi...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
RustSec
RustSec
added 2026/06/30 12:0 p.m.9 views

mXSS in ammonia via MathML `annotation-xml` encoding strip

If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...

6AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/30 12:0 p.m.7 views

RUSTSEC-2026-0193 mXSS in ammonia via MathML `annotation-xml` encoding strip

If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...

6AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 6:0 a.m.41 views

CVE-2026-10835 SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

6.1CVSS0.00224EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 2:16 a.m.7 views

CVE-2026-50740

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS0.00222EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 1:11 a.m.15 views

CVE-2026-50745

CVE-2026-50745 concerns Revive Adserver’s stats-video.php where user input is reflected due to missing sanitisation and unencoded URL parameters, arising from improper handling of the Smarty url helper. The HackerOne report confirms a reflected XSS vector in this script. No exploitation status or...

6.1CVSS5.8AI score0.00224EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/26 1:11 a.m.9 views

EUVD-2026-39604

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS6.3AI score0.00222EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 1:11 a.m.8 views

EUVD-2026-39605

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

4.7CVSS5.8AI score0.00224EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 1:11 a.m.43 views

CVE-2026-50740

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS0.00222EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 1:11 a.m.42 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

4.7CVSS0.00224EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 1:11 a.m.2 views

CVE-2026-50740

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS6.4AI score0.00222EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52652

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing sanitisation issue exists in the stats-video.php script. The construction of URLs to this script does not follow best practices, and the output of the...

6.1CVSS5.7AI score0.00224EPSS
Exploits1References7
Rows per page
Query Builder