Lucene search
K

19 matches found

SUSE CVE
SUSE CVE
added 2026/04/09 11:25 p.m.9 views

SUSE CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

6CVSS6.1AI score0.0062EPSS
Exploits0References13
NVD
NVD
added 2026/04/08 9:17 p.m.4 views

CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

7.8CVSS0.0062EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 9:17 p.m.6 views

ALPINE-CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

7.8CVSS6.1AI score0.0062EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:18 p.m.2 views

CVE-2026-39881 Vim Ex command injection in Vims NetBeans integration

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

5CVSS6.1AI score0.0062EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/04/08 8:18 p.m.5 views

CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

7.8CVSS6.1AI score0.0062EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-39881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans...

7.8CVSS6.1AI score0.0062EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/08 2:58 p.m.12 views

CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages

The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders...

0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/07 3:13 p.m.3 views

CVE-2025-53487 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages

The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...

5.8AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/07 3:13 p.m.13 views

CVE-2025-53487 ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages

The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...

0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/06/13 2:8 p.m.14 views

starcitizentools/citizen-skin allows stored XSS in preference menu heading messages

Summary Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The innerHtml of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...

6.5CVSS6.4AI score0.0035EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 p.m.7 views

CVE-2021-32607

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message...

9.8CVSS6.8AI score0.33442EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12262 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vllm-project vllm version 0.6.0 Description: The issue concerns a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality run server loop calls the function make handler coro, which directly uses...

9.8CVSS7AI score0.01274EPSS
Exploits1References6
NVD
NVD
added 2024/12/27 6:15 a.m.16 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS0.00752EPSS
Exploits1References5
OSV
OSV
added 2024/07/22 6:15 a.m.5 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disabled...

4.8CVSS5.8AI score0.00353EPSS
Exploits1References1
Prion
Prion
added 2023/10/30 11:15 p.m.15 views

Cross site scripting

BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...

4.9CVSS5.3AI score0.00418EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/30 10:18 p.m.34 views

CVE-2023-43797 BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby

BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...

6.3CVSS6.3AI score0.00418EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.5 views

PT-2023-28989 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.6.11 BigBlueButton versions prior to 2.7.0-beta.3 Description: The issue affects BigBlueButton, an open-source virtual classroom, where the Guest Lobby is vulnerable to cross-site scripting. This occurs when...

6.3CVSS5.2AI score0.00418EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2021/10/06 12:0 a.m.3 views

PT-2021-23483 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in the Mentor dashboard in the GrowthExperiments extension where certain MediaWiki messages were not properly sanitized. This allowed for the injection and execution of HT...

8.8CVSS6.3AI score0.01735EPSS
Exploits5References43
OSV
OSV
added 2020/12/21 6:15 p.m.5 views

CVE-2020-14225

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...

6.5CVSS6.7AI score0.0125EPSS
Exploits0References1
Rows per page
Query Builder