Lucene search
K

5 matches found

Cvelist
Cvelist
added yesterday12 views

CVE-2026-55437 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS
Exploits0References6
EUVD
EUVD
added 2026/06/04 2:28 p.m.12 views

EUVD-2026-34284

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS5.7AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.8 views

CVE-2021-31164

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...

7.5CVSS7AI score0.02283EPSS
Exploits0References1
OSV
OSV
added 2024/06/21 6:15 a.m.7 views

CVE-2024-4477

The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting...

5.4CVSS5.8AI score0.00307EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.4 views

WordPress plugin跨站脚本漏洞

NextScripts:Social Networks Auto-Poster WordPress plugin is vulnerable to a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative The vulnerability stems from the...

6.1CVSS5.6AI score0.01334EPSS
Exploits2References2
Rows per page
Query Builder