Lucene search
K

30 matches found

Cvelist
Cvelist
added 2026/05/27 2:25 a.m.40 views

CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 8:16 p.m.8 views

CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 11:55 a.m.3 views

CVE-2026-25101

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

8.7CVSS5.8AI score0.01919EPSS
Exploits4References3
Snyk
Snyk
added 2026/03/24 10:27 p.m.10 views

User Impersonation

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to User Impersonation through the createOrRestoreSession function in the MQTT session manager. ...

8.3CVSS5.9AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 10:28 p.m.4 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the workflow creation and editing process in various nodes, including Form Trigger, Chat Trigger, Send & Wait, Webhook, and Chat nodes. An attacker can execute arbitrary scripts...

8.5CVSS5.9AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/18 9:10 p.m.4 views

CVE-2026-27177 MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the database without sanitization. When an administrat...

7.2CVSS5.2AI score0.00196EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.5 views

CVE-2025-65923

A Stored Cross-Site Scripting XSS vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...

5.7AI score0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/15 1:14 p.m.21 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

5.3CVSS0.00478EPSS
Exploits0References6
CVE
CVE
added 2025/12/27 12:21 a.m.17 views

CVE-2025-68948

SiYuan Note (pre-3.5.1) stores session data with a hardcoded cryptographic secret, making session encryption ineffective. The AccessAuthCode is kept in the session cookie, so an attacker who obtains or intercepts that cookie can locally decrypt it with the public key, retrieve the code in plain t...

8.1CVSS6.3AI score0.00197EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/11/22 12:23 a.m.4 views

SUSE CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

6.1CVSS6.5AI score0.00198EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/27 7:39 a.m.21 views

EUVD-2025-36121

Stored cross-site scripting XSS vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...

7.1CVSS5.5AI score0.00179EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2188

Malware in sbrugna...

7.5CVSS6.1AI score0.02511EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6748

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00711EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 5:25 p.m.6 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

4.8CVSS5.7AI score0.00223EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/03 7:51 p.m.23 views

CVE-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...

6.3CVSS0.0031EPSS
Exploits1References2
OSV
OSV
added 2025/09/03 12:0 a.m.7 views

ALSA-2025:15123 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

9.1CVSS6.8AI score0.01149EPSS
Exploits1References10
AlmaLinux
AlmaLinux
added 2025/09/02 12:0 a.m.9 views

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

9.1CVSS6.9AI score0.0097EPSS
Exploits1References8
OSV
OSV
added 2025/09/02 12:0 a.m.8 views

ALSA-2025:15023 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

9.1CVSS6.9AI score0.0097EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/28 4:54 p.m.8 views

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.4AI score0.0097EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.13 views

CVE-2025-55287

Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting XSS vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI...

8CVSS6.5AI score0.00298EPSS
Exploits1References1
Rows per page
Query Builder