Lucene search
+L

6 matches found

OSV
OSV
added 2 days ago4 views

CVE-2026-61433 PraisonAI before 4.6.78 Code Injection via API deployment generator

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS6.3AI score0.00144EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.7 views

CVE-2026-2973

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/02/28 9:47 p.m.28 views

CVE-2026-28560

wpForo Forum 2.4.14 contains a stored XSS vulnerability: forum URL data output into an inline script block via json_encode without JSON_HEX_TAG. An attacker can supply a forum slug containing a closing tag or unescaped single quote to break out of the JavaScript string context and execute arbitr...

5.5CVSS6AI score0.00227EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/31 12:30 a.m.9 views

EUVD-2016-10798

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.1CVSS5.5AI score0.00466EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.9 views

CVE-2016-15049

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.4CVSS0.00466EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.11 views

PT-2025-44537

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.4CVSS6AI score0.00466EPSS
Exploits0References3
Rows per page
Query Builder