Lucene search
+L

406 matches found

Cvelist
Cvelist
added 2025/06/30 8:45 p.m.9 views

CVE-2025-49520 Event-driven-ansible: authenticated argument injection in git url in eda project creation

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...

8.8CVSS0.00484EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.4 views

TencentOS Server 3: python3 (TSSA-2022:0217)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0217 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS7.2AI score0.08325EPSS
Exploits1References3
Snyk
Snyk
added 2025/06/04 6:30 p.m.2 views

Incomplete Filtering of Special Elements

Overview org.webjars.npm:angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements through the ngSanitize module. An attacker can manipulate image sources and perform content spoofing by injecting...

6.3CVSS6.7AI score0.00302EPSS
Exploits0References2
NVD
NVD
added 2025/05/28 6:15 p.m.11 views

CVE-2025-30087

Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...

7.2CVSS0.00271EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/28 12:0 a.m.7 views

CVE-2025-30087

Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...

7.2CVSS6.8AI score0.00271EPSS
Exploits0References3
NVD
NVD
added 2025/05/23 4:15 p.m.63 views

CVE-2025-48377

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.9 views

CVE-2024-27561

A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

9.1CVSS7.2AI score0.00585EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.10 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

6.5CVSS7.3AI score0.00417EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.6 views

CVE-2023-35161

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.7AI score0.02377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.6 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

8.8CVSS7.5AI score0.01064EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.19 views

CVE-2022-4771

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables...

6.1CVSS6.8AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:59 p.m.8 views

CVE-2022-24342

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible...

8.8CVSS7.2AI score0.03202EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.10 views

CVE-2022-41204

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack...

8.8CVSS8.7AI score0.0076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 p.m.9 views

CVE-2021-36668

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App...

7.8CVSS7.3AI score0.00572EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.5 views

CVE-2020-27627

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection...

6.1CVSS6.9AI score0.00724EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.8 views

CVE-2020-26884

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application...

6.1CVSS7.4AI score0.00823EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:34 p.m.7 views

CVE-2010-2325

Cross-site scripting XSS vulnerability in the administrative console in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."...

4.3CVSS5.8AI score0.01642EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:46 a.m.8 views

CVE-2010-4220

Cross-site scripting XSS vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."...

4.3CVSS5.7AI score0.01656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:48 p.m.8 views

CVE-2025-24909

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and...

4.4CVSS6.7AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.32 views

CVE-2025-0757

Overview The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. CWE-79 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x...

4.4CVSS0.00262EPSS
Exploits0References1
Rows per page
Query Builder