Lucene search
K

253 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-21308

Malicious code in bioql PyPI...

8.2CVSS7AI score0.00437EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-6913

Malicious code in bioql PyPI...

9.1CVSS9.3AI score0.00879EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/09/29 8:41 p.m.11 views

CVE-2025-34228

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a server-side request forgery SSRF vulnerability. The /var/www/app/consolerelease/lexmark/update.php script is reachable from the internet...

8.8CVSS5.8AI score0.00736EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/14 9:49 a.m.2 views

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

9.8CVSS7.3AI score0.1742EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/04 5:34 p.m.10 views

CVE-2025-53484 SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input

User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...

0.00456EPSS
Exploits0References3
Hacker One
Hacker One
added 2025/05/29 11:38 a.m.5 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████

A Cross-Site Scripting XSS vulnerability was identified in an ASP.NET web application. The issue arose from improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the conte...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.8 views

CVE-2024-47069

Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the block/locale endpoint does not properly sanitize the user-controlled locale input before including it in the...

6.1CVSS6.4AI score0.00423EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.5 views

CVE-2024-5936

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

6.1CVSS4.5AI score0.28925EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:20 p.m.9 views

CVE-2021-21814

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...

7.8CVSS7.3AI score0.00344EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.7 views

CVE-2019-8235

An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...

6.5CVSS6.5AI score0.01881EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/21 6:33 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview sjbr/sr-feuser-register is an A self-registration variant of Kasper Skårhøj's Front End User Admin extension for TYPO3 CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the handling of user input. An attacker can read arbitrary...

8.7CVSS7AI score0.00301EPSS
Exploits0References2
Veracode
Veracode
added 2025/05/21 6:25 a.m.7 views

Regular Expression Denial Of Service (ReDoS)

Meteor is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression handling caused by applying a complex regex to user-controlled input forwardedFor, allows an attacker to remotely trigger excessive processing...

6.3CVSS6.6AI score0.00591EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2025/04/15 6:30 a.m.4 views

GHSA-RRJ2-PH5Q-JXW2 jquery-validation vulnerable to Cross-site Scripting

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

6.1CVSS6AI score0.00315EPSS
Exploits0References5
NVD
NVD
added 2025/04/15 5:15 a.m.20 views

CVE-2025-3573

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

6.1CVSS0.00315EPSS
Exploits0References3
CVE
CVE
added 2025/04/15 5:0 a.m.115 views

CVE-2025-3573

CVE-2025-3573 concerns the jquery-validation library. Versions before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, where user-controlled input can be written into the localizable validator.messages dictionary. The vulnerability is described as input-driven and ...

6.1CVSS6.1AI score0.00315EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/15 5:0 a.m.21 views

CVE-2025-3573

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...

6.1CVSS0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.6 views

PT-2025-16396

Name of the Vulnerable Software and Affected Versions Web-Check versions affected versions not specified Description A command injection issue exists in the screenshot API of the Web Check project, stemming from user-controlled input url being passed unsanitized into a shell command using exec,...

9.3CVSS5.9AI score0.19761EPSS
Exploits4References11
Veracode
Veracode
added 2025/03/26 11:21 a.m.13 views

Arbitrary File Overwrite

H2O-3 is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper input validation due to the exportModelDetails function in ModelsHandler.java allowing user-controlled input in the mexport.dir parameter, enabling overwriting files at arbitrary locations on the host system...

8.2CVSS7.2AI score0.00514EPSS
Exploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/03/22 1:3 p.m.7 views

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS6.8AI score0.00574EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:31 p.m.8 views

CVE-2024-7957

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

9.1CVSS7AI score0.00879EPSS
Exploits0References1
Rows per page
Query Builder