Lucene search
K

41 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.7 views

CVE-2026-54007

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt in an authenticated victim...

7.1CVSS0.00162EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 10:16 p.m.27 views

CVE-2026-44369

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS0.00266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:32 p.m.11 views

CVE-2026-44369

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/13 9:32 p.m.8 views

EUVD-2026-30186

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS6AI score0.00266EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:32 p.m.13 views

CVE-2026-44369 CVAT: Stored XSS via annotation guides

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS6AI score0.00266EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 p.m.7 views

CVE-2026-1468

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...

5.1CVSS5.8AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 12:30 p.m.6 views

EUVD-2026-10028

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...

5.1CVSS5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 9:31 p.m.6 views

EUVD-2026-9048

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/26 6:18 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the setck parameter. An attacker can execute arbitrary JavaScript in the context of the victim's browser by tricking users into clicking a crafted link, potentially allowing actions such as moving, deleting,...

6.1CVSS5.9AI score0.00163EPSS
Exploits0References2
OSV
OSV
added 2026/01/23 11:18 p.m.7 views

CVE-2026-24128 XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting XSS vulnerability, which allows an attacker to...

6.5CVSS5.9AI score0.00503EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/01/23 11:18 p.m.4 views

CVE-2026-24128

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting XSS vulnerability, which allows an attacker to...

6.5CVSS6AI score0.00503EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/01/21 10:15 p.m.8 views

CVE-2026-23960

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...

7.3CVSS0.00337EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/01/21 10:2 p.m.3 views

CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...

7.3CVSS5.8AI score0.00337EPSS
Exploits1References5
OSV
OSV
added 2026/01/21 10:2 p.m.9 views

CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...

7.3CVSS5.8AI score0.00337EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/01/21 10:0 p.m.13 views

Argo Workflows affected by stored XSS in the artifact directory listing

Summary Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Details The directory listing response in server/artifacts/artifactserver.go...

7.3CVSS5.8AI score0.00337EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2025/11/10 3:15 p.m.5 views

CVE-2025-63710

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

6.5CVSS5.9AI score0.00132EPSS
Exploits1References2
NVD
NVD
added 2025/10/27 4:15 p.m.16 views

CVE-2025-34133

Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery CSRF vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...

7CVSS0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.8 views

PT-2025-43971

Name of the Vulnerable Software and Affected Versions Wimi Teamwork versions prior to 7.38.17 Description The software contains a cross-site request forgery CSRF issue in its API. The API accepts authenticated requests containing a JSON field named csrf token without validating its value, only...

7CVSS6.9AI score0.00231EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-25535

Malware in sbrugna...

9.3CVSS7.7AI score0.02766EPSS
Exploits0References3
NCSC
NCSC
added 2024/08/14 12:44 p.m.6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop. A malicious party could exploit the vulnerability to execute arbitrary code with the victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1
Rows per page
Query Builder