Lucene search
K

30 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 6 days ago6 views

SUSE CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

7.8CVSS6.9AI score0.01331EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 6:16 p.m.15 views

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS0.00199EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/27 5:7 p.m.10 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/16 10:49 p.m.15 views

Cross-site Scripting (XSS)

Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/03 5:17 a.m.3 views

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

5.1CVSS6AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-39277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

4.8CVSS6.8AI score0.00538EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL...

6.1CVSS6.4AI score0.08EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.7 views

Astra Linux – Vulnerability in Thunderbird

The Thunderbird Address Book’s URI fields contained unsanitized links. Attackers could use these links to create and export an address book containing malicious payloads in certain fields. For example, in the “Other” field of the Instant Messaging section. If another user imported the address boo...

5.4CVSS7AI score0.01331EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/01 6:33 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the ‎PackageIndex.downloadurl method. Due to insufficient sanitization of special characters, an attacker can write files to arbitrary locations on the filesystem with the permissions of the process running t...

8.8CVSS8.2AI score0.01479EPSS
Exploits4References3
CVE
CVE
added 2025/04/15 3:6 p.m.123 views

CVE-2025-3522

Summary of CVE-2025-3522 (Thunderbird) : Thunderbird improperly processes the X-Mozilla-External-Attachment-URL header used for external attachments. When opening an email, Thunderbird fetches the URL to determine file size and may navigate to it when attaching is clicked. The URL is not validate...

6.3CVSS6.7AI score0.0024EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2025/02/12 9:37 a.m.4 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/12 4:23 a.m.3 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/12 4:8 a.m.5 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/11 4:45 p.m.6 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/10 1:29 a.m.4 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/02/07 12:0 a.m.8 views

FreeBSD : Thundirbird -- unprivileged JavaScript code execution (830381c7-e539-11ef-a845-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 830381c7-e539-11ef-a845-b42e991fc52e advisory. [email protected] reports: The Thunderbird Address Book URI fields contained unsanitized links. This...

5.4CVSS6.9AI score0.01331EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/02/04 2:15 p.m.5 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

5.4CVSS8.7AI score0.01331EPSS
Exploits0References3
NVD
NVD
added 2025/02/04 2:15 p.m.10 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

5.4CVSS0.01331EPSS
Exploits0References3
OSV
OSV
added 2025/02/04 2:15 p.m.8 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

5.4CVSS6.8AI score
Exploits0References3
Rows per page
Query Builder