Lucene search
K

897 matches found

NVD
NVD
added 2026/02/25 8:23 p.m.10 views

CVE-2026-25136

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

8.1CVSS0.00263EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/25 7:29 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of user-controlled input in the identity name field without proper output encoding. An attacker can execute arbitrary JavaScript in the context of the WebUI by storing malicious scripts in the...

8.2CVSS5.9AI score0.00287EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/25 7:29 p.m.7 views

Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the Web...

6.1CVSS5.8AI score0.00287EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 7:29 p.m.7 views

Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Summary A stored Cross-site Scripting XSS vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebU...

6.1CVSS5.9AI score0.00287EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 6:57 p.m.2 views

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

8.1CVSS5.9AI score0.00263EPSS
Exploits1References5
OSV
OSV
added 2026/02/25 6:57 p.m.4 views

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

8.1CVSS5.6AI score0.00263EPSS
Exploits1References7
OSV
OSV
added 2026/02/25 6:53 p.m.5 views

GHSA-H79M-5JJM-JM4Q Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Summary A reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. Details The WebUI error message renders ExceptionMessage...

8.1CVSS6.3AI score0.00263EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/02/25 2:52 a.m.25 views

CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

2.6CVSS0.00092EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/25 2:52 a.m.4 views

CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

2.6CVSS5.6AI score0.00092EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:52 a.m.4 views

CVE-2026-27632

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

3.1CVSS5.5AI score0.00092EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 p.m.7 views

CVE-2025-59873

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 11:16 a.m.6 views

CVE-2025-59873

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/23 10:56 a.m.10 views

CVE-2025-59873 Session Token Exposure via URL Query Parameters

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/23 10:56 a.m.27 views

CVE-2025-59873 Session Token Exposure via URL Query Parameters

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/23 10:56 a.m.5 views

CVE-2025-59873

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/23 5:32 a.m.6 views

CVE-2026-2974 AliasVault App Backup aliasvault.xml backup

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

2CVSS5AI score0.00099EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/02/23 5:32 a.m.29 views

CVE-2026-2974 AliasVault App Backup aliasvault.xml backup

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

2.5CVSS0.00099EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.8 views

HCL Software ZIE for Web 安全漏洞

HCL Software ZIE for Web is a terminal emulation software developed by the Indian company HCL. Version HCL Software ZIE for Web v16 contains a security vulnerability. This vulnerability stems from the application transmitting sensitive session tokens and authentication identifiers through URL que...

5.9CVSS5.8AI score0.00284EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.6 views

PT-2026-21515

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...

5.9CVSS5.3AI score0.00284EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.5 views

CVE-2026-1435

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

9.8CVSS5.5AI score0.00367EPSS
Exploits0References1
Rows per page
Query Builder