exploitRag-FullStack

ExploitRAG - RAG-based Cybersecurity Chat System A production...

CVE-2026-21520

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...

CVE-2018-25116

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVE-2018-25116

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2026-0776 Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

CVE-2026-21520

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...

CVE-2026-23516

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

PT-2026-3868

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

CVE-2025-41084

Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application

Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application

Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVE-2025-41084

CVE-2025-41084 describes a Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application. The issue arises because uploaded SVG images are not properly sanitized, allowing attackers to embed malicious scripts in SVG files by issuing a POST to the logo endpoint (/api/v3/companies//...

PT-2026-3547

Stored Cross-Site Scripting XSS vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

Sesame cross-site scripting vulnerabilities

Sesame is a web application developed by the Sesame company. Sesame has a cross-site scripting vulnerability, which stems from improper handling of uploaded SVG images. This vulnerability could allow attackers to inject malicious scripts, which can execute when users access infected resources...

MiracleLinux 4 : microcode_ctl-1.17-33.31.AXS4 (AXSA:2020-893:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-893:07 advisory. hw: Vector Register Leakage-Active CVE-2020-8696 hw: Fast forward store predictor CVE-2020-8698 Tenable has extracted the preceding description block...

MiracleLinux 8 : kernel-4.18.0-147.8.1.el8 (AXSA:2020-750:12)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-750:12 advisory. kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception CVE-2019-15030 kernel: powerpc:...