Lucene search
+L

8 matches found

NVD
NVD
added yesterday6 views

CVE-2026-49210

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the client-controlled childrenid.tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly in...

2.3CVSS
Exploits0References4
OSV
OSV
added 2026/07/10 9:16 p.m.5 views

UBUNTU-CVE-2026-57213

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqfederationmanagement plugin renders the consumertag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute...

5.7CVSS6.2AI score0.00237EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:37 p.m.7 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6AI score0.00137EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/09 10:37 p.m.3 views

CVE-2026-59858 Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/03/26 12:0 a.m.8 views

RediSearch Query via Unescaped TAG Filter Values in RedisVectorStore

In RedisFilterExpressionConverter of spring-ai-redis-store , when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 6:53 a.m.6 views

CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

6.1CVSS5.6AI score0.00282EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2022/05/18 12:3 p.m.6 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/17 12:0 a.m.6 views

Torchbox Wagtail 跨站脚本漏洞

Torchbox Wagtail is an open source content management system CMS from Torchbox, UK. Wagtail suffers from a cross-site scripting vulnerability that stems from tag output not being properly escaped as HTML, which allows users to insert arbitrary HTML or script...

5.4CVSS5.6AI score0.01109EPSS
Exploits1References6
Rows per page
Query Builder