Lucene search
K

26 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Versions 2.483 to 2.567, as well as LTS versions 2.492.1 to 2.555.2, have security vulnerabilities...

5.4CVSS5.1AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.7 views

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

6.1CVSS5.4AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.8 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.5AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:0 a.m.6 views

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

5.8AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8839

Malicious code in bioql PyPI...

9.6CVSS7.4AI score0.0059EPSS
Exploits1References3
Veracode
Veracode
added 2025/06/09 7:9 a.m.6 views

Log Injection

Django is vulnerable to log injection. The vulnerability is due to unescaped user input in request.path during internal HTTP response logging, allowing attackers to manipulate logs, forge entries, or hide malicious activity...

5.3CVSS4.5AI score0.006EPSS
Exploits0References11Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.10 views

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

9.8CVSS7.9AI score0.02793EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.7 views

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...

7.2CVSS7.4AI score0.73293EPSS
Exploits6References1
Github Security Blog
Github Security Blog
added 2025/03/31 4:55 p.m.18 views

Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

Summary A Cross-Site Scripting XSS vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking,...

9.6CVSS5.4AI score0.0059EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2025/03/31 4:55 p.m.11 views

GHSA-2J42-H78H-Q4FG Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input

Summary A Cross-Site Scripting XSS vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking,...

9.3CVSS5.4AI score0.0059EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

AgentScope 安全漏洞

AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. A security vulnerability exists in AgentScope that stems from user-controllable strings that are not properly cleaned and escaped, which could lead to a stored cross-site scripting...

6.1CVSS5.8AI score0.00389EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/01/06 3:47 p.m.11 views

Extension:TabberNeue vulnerable to Cross-site Scripting

Summary There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users. Edit: Only the first XSS can be reproduced in production. Details ✅ Verified and patched in...

8.6CVSS8.5AI score0.00489EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/01/06 3:47 p.m.7 views

GHSA-4X6X-8RM8-C37J Extension:TabberNeue vulnerable to Cross-site Scripting

Summary There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users. Edit: Only the first XSS can be reproduced in production. Details ✅ Verified and patched in...

8.6CVSS8.3AI score0.00489EPSS
Exploits0References5
CVE
CVE
added 2024/12/03 3:46 p.m.65 views

CVE-2024-53257

Vitess CVE-2024-53257 affects the vtgate/vttablet status pages (/debug/querylogz and /debug/env). Input is not escaped, allowing HTML injection on monitoring pages because those endpoints render with text/template. Fixed in Vitess releases 19.0.8, 20.0.4, and 21.0.1. Exploitation details are prov...

4.9CVSS5.1AI score0.00428EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/11/20 12:0 a.m.17 views

EmbedPress < 3.9.2 - Reflected XSS

Description The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing the HTML code below...

6.1CVSS5.9AI score0.0062EPSS
Exploits2Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/12 3:53 p.m.31 views

Symfony potential Cross-site Scripting in WebhookController

Description The error message in WebhookController returns unescaped user-submitted input. Resolution WebhookController now doesn't return any user-submitted input in its response. The patch for this issue is available here for branch 6.3. Credits We would like to thank Maxime Aknin for reporting...

6.1CVSS7AI score0.00568EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.3 views

WordPress Plugin Message ticker SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.7AI score0.00797EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/11/29 12:0 a.m.8 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in versio...

6.1CVSS5.9AI score0.00883EPSS
Exploits1References3
Huntr
Huntr
added 2021/05/29 4:59 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.phpL24 php &1"; echo "Command: $command\n"; echo...

1.6AI score
Exploits0
WPVulnDB
WPVulnDB
added 2019/07/03 12:0 a.m.13 views

MyBookTable <= 3.2.2 - Multiple XSS

Version WPScan Team: v3.2.2 implemented numerous sanitisation improvements, however there was still at least one DOM XSS: https:///wp-admin/admin.php?page=mbthelpvideotutorial= June 30th - Vendor Contacted about the DOM XSS June 30th - Fix pushed in Trunk, vendor also reviewed all other usage of...

0.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder