26 matches found

Patchstack
added 2026/05/11 7:36 p.m. · 11 views

NPM: Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

NPM: Mermaid: Improper sanitization of classDef in state diagrams leads to HTML injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...

CVSS 5.3 · AI score 5.8 · EPSS 0.00401
Exploits: 0 · References: 7 · Affected Software: 1

RedhatCVE
added 2026/05/07 2:20 p.m. · 6 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

CVSS 6.1 · AI score 5.8 · EPSS 0.00357
Exploits: 0 · References: 1

NVD
added 2026/05/06 10:16 a.m. · 6 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

CVSS 6.1 · EPSS 0.00357
Exploits: 0 · References: 2

ATTACKERKB
added 2026/05/06 8:34 a.m. · 10 views

CVE-2026-42509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

AI score 5.8 · EPSS 0.00357
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2026/05/06 8:34 a.m. · 79 views

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

EPSS 0.00357
Exploits: 0 · References: 1

Cvelist
added 2026/05/06 8:31 a.m. · 31 views

CVE-2026-43646 Apache Wicket: crafted URLs can bypass PackageResourceGuard

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

EPSS 0.00394
Exploits: 0 · References: 1

Positive Technologies
added 2026/05/06 12:0 a.m. · 9 views

PT-2026-37431

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

AI score 5.8 · EPSS 0.00394
Exploits: 0 · References: 3

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-27449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemfunc.cc:148. CVE-2022-27449 Note that Nessus relies on t...

CVSS 7.5 · AI score 7.6 · EPSS 0.02211
Exploits: 1 · References: 2

OSV
added 2025/06/10 11:50 a.m. · 4 views

BIT-MARIADB-MIN-2022-27452

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.cc...

CVSS 7.5 · AI score 7 · EPSS 0.02186
Exploits: 1 · References: 4

OSV
added 2025/06/10 11:50 a.m. · 4 views

BIT-MARIADB-MIN-2022-27448

There is an Assertion failure in MariaDB Server v10.9 and below via 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc...

CVSS 7.5 · AI score 7.1 · EPSS 0.02151
Exploits: 1 · References: 4

CVE
added 2025/03/03 7:38 p.m. · 57 views

CVE-2024-51947

ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...

CVSS 4.8 · AI score 5.2 · EPSS 0.00245
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/10/05 1:15 p.m. · 5 views

CVE-2024-47316

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9...

CVSS 8.8 · AI score 5.8 · EPSS 0.00333
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/06 12:0 a.m. · 5 views

PT-2024-12150 · Dell · Dell Command | Monitor

Name of the Vulnerable Software and Affected Versions: Dell Command | Monitor versions prior to 10.9 Description: The issue allows a locally authenticated malicious user to perform a privileged arbitrary file delete by exploiting an arbitrary folder deletion vulnerability. Recommendations: For...

CVSS 7.1 · AI score 6.9 · EPSS 0.00134
Exploits: 0 · References: 6

OSV
added 2023/10/18 5:15 a.m. · 3 views

CVE-2023-3254

The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setupnoregheader.php. This makes it possible for unauthenticated attackers to reset plugin settings a...

CVSS 4.3 · AI score 7.2 · EPSS 0.00198
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 3:26 a.m. · 3 views

SUSE CVE-2022-27445

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sqlwindow.cc...

CVSS 7.1 · AI score 8.4 · EPSS 0.02174
Exploits: 1 · References: 12

OSV
added 2022/12/29 8:15 p.m. · 5 views

CVE-2022-38206

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 6 · EPSS 0.00498
Exploits: 0 · References: 1

Microsoft CVE
added 2022/04/22 7:0 a.m. · 3 views

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

...

CVSS 7.5 · AI score 7.8 · EPSS 0.02186
Exploits: 1

Microsoft CVE
added 2022/04/22 7:0 a.m. · 1 view

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

...

CVSS 7.5 · AI score 7.8 · EPSS 0.01579
Exploits: 1

ATTACKERKB
added 2022/04/14 1:15 p.m. · 1 view

CVE-2022-27451

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/fieldconv.cc...

CVSS 7.5 · AI score 5.8 · EPSS 0.01663
Exploits: 1 · References: 3

OSV
added 2022/04/14 1:15 p.m. · 0 views

DEBIAN-CVE-2022-27446

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.h...

CVSS 7.5 · AI score 7.8 · EPSS 0.01579
Exploits: 1 · References: 1