Lucene search
K

56 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-36214

osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...

5.4CVSS0.00392EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52195

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Improper sanitization of user-supplied input allows an authenticated user with developer-role permissions to...

8.7CVSS6.1AI score0.00231EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/04 6:55 p.m.2 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS through improper sanitization in the WebSocket messaging process. An attacker can execute arbitrary JavaScript in the browser session of...

7.7CVSS5.9AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 5:17 p.m.4 views

CVE-2026-20081

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS0.00388EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 7:20 p.m.8 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of URL sanitization helpers, HTML serialization, Markdown passthrough, and custom sanitization-policy edge cases. An attacker can execut...

6.1CVSS5.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31546

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description GitLab EE versions are susceptible to a flaw in customizable analytics dashboards. An authenticated user could potentially execute arbitrary...

5.4CVSS6AI score0.00279EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.11 views

WordPress plugin WPFAQBlock– FAQ & Accordion Plugin For Gutenberg 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.9 views

PT-2026-26871

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfie option page function combined with insufficient input sanitization and output...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

Lantronix EDS5000 安全漏洞

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 version 2.1.0.0R3 contains a security vulnerability. This vulnerability stems from insufficient cleaning of input parameters on the SSH Client and SSH Server pages, which may...

9.8CVSS6.8AI score0.00329EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/03/05 4:4 p.m.11 views

USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS5.5AI score0.02195EPSS
Exploits4
NVD
NVD
added 2026/02/07 9:16 a.m.13 views

CVE-2026-1643

The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

6.1CVSS0.00264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-14657

The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postsettings' function in all versions up to, and including, 4.0.51. This makes it possible for...

7.2CVSS5.7AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.10 views

CVE-2024-2845

The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.2 due to insufficient input...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 6:16 a.m.7 views

CVE-2025-12368

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.10 views

PT-2025-48135

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez property img upload and houzez property attachment upload functions. This makes it...

6.1CVSS5.3AI score0.00179EPSS
Exploits0References3
NVD
NVD
added 2025/10/29 10:15 a.m.6 views

CVE-2025-12450

The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS0.00382EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17244

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00429EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-57958

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00508EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-34031

Malicious code in bioql PyPI...

6.4CVSS8.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.4 views

PT-2025-30551 · Iotgen · Iotgen

Name of the Vulnerable Software and Affected Versions: Apache IoT affected versions not specified Description: An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerabl...

8.8CVSS7AI score0.00696EPSS
Exploits0References7
Rows per page
Query Builder