8 matches found

RedhatCVE
added 2026/05/09 2:21 a.m. | 11 views

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

9.8 CVSS | 5.8 AI score | 0.00476 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/07 6:30 p.m. | 10 views

EUVD-2025-209730

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

5.8 AI score | 0.00476 EPSS
Exploits: 0 | References: 4

NVD
added 2026/05/07 4:16 p.m. | 17 views

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

9.8 CVSS | 0.00476 EPSS
Exploits: 0 | References: 3

CVE
added 2026/05/07 12:0 a.m. | 18 views

CVE-2025-63704

CVE-2025-63704 affects the NPM package query-parser-string@1.0.0 and is caused by improper sanitization of user-supplied query parameters, leading to prototype pollution (merging inputs into a newly created object). The CVSS v3.1 base score reported is 9.8 (CRITICAL) with network attack vector, n...

9.8 CVSS | 5.8 AI score | 0.00476 EPSS
Exploits: 0 | References: 3

CVE
added 2026/04/10 5:42 p.m. | 12 views

CVE-2026-32893

CVE-2026-32893 : Chamilo LMS is vulnerable to a reflected XSS in the exercise question list pagination. Before 2.0.0-RC.3, the pagination code merges all GET parameters with array_merge() and injects http_build_query() output into HTML href attributes without htmlspecialchars(), allowing an authe...

5.4 CVSS | 6.1 AI score | 0.00141 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/01/09 10:45 a.m. | 7 views

CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...

6.1 CVSS | 6.2 AI score | 0.03368 EPSS
Exploits: 2 | References: 1

Veracode
added 2025/12/24 7:28 a.m. | 7 views

Improper Access Control

@strapi/core is vulnerable to improper access control. The vulnerability is due to improper sanitization of query parameters in the document service lookup operator, which allows an attacker to craft malicious queries to access private fields such as admin passwords and reset tokens...

8.2 CVSS | 5.6 AI score | 0.00383 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/06/18 6:0 a.m. | 11 views

CVE-2025-4955 tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS

The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...

4.6 AI score | 0.0032 EPSS
Exploits: 1 | References: 1