Lucene search
K

5 matches found

CVE
CVE
added yesterday5 views

CVE-2026-53641

FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...

4.8CVSS5.9AI score0.00043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47541

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS5.6AI score0.00148EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:24 p.m.6 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-28866

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00477EPSS
Exploits0References2
OSV
OSV
added 2020/01/24 10:15 p.m.2 views

DEBIAN-CVE-2020-5226

Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...

5.4CVSS5.5AI score0.00544EPSS
Exploits0References1
Rows per page
Query Builder