Lucene search
+L

50 matches found

Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.7 views

PT-2025-49551

In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting XSS. On the backend, the related vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...

8.3CVSS6.2AI score0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.5 views

Vulnerability-Lookup 安全漏洞

Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A security vulnerability exists in Vulnerability-Lookup versions prior to 2.18.0 that stems from an HTTP GET request that can modify the application state, potentially leading to a...

7CVSS6.5AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.13 views

PT-2025-49550

Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

7CVSS7.1AI score0.00151EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31146

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00185EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-0168

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00309EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/26 12:52 a.m.8 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

6.4CVSS5.4AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2025/09/25 6:15 p.m.7 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

6.4CVSS0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/25 12:0 a.m.4 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.7 views

PT-2025-39430

Name of the Vulnerable Software and Affected Versions vulnerability-lookup version 2.16.0 Description A cross-site scripting XSS issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...

6.4CVSS5.8AI score0.00185EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/25 12:0 a.m.4 views

Vulnerability-Lookup 跨站脚本漏洞

Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup version 2.16.0 that stems from insufficient cleanup of user input and could lead to a cross-site scripting attack...

6.4CVSS5.7AI score0.00185EPSS
Exploits0References2
CVE
CVE
added 2025/09/25 12:0 a.m.15 views

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

6.4CVSS5AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/25 12:0 a.m.13 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

6.4CVSS0.00185EPSS
Exploits0References1
OSV
OSV
added 2025/09/25 12:0 a.m.4 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

6.4CVSS5.4AI score0.00185EPSS
Exploits0References3
NVD
NVD
added 2025/04/08 3:15 a.m.8 views

CVE-2025-32413

Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py...

6.4CVSS0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.3 views

Vulnerability-Lookup 跨站脚本漏洞

Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A cross-site scripting vulnerability exists in Vulnerability-Lookup versions prior to 2.7.1, which stems from an unneutralized input in a user profile resulting in stored cross-site...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.6 views

PT-2025-15324 · Unknown · Vulnerability-Lookup

Name of the Vulnerable Software and Affected Versions: Vulnerability-Lookup versions prior to 2.7.1 Description: The issue allows stored XSS via a user bio in the website/web/views/user.py file. This can potentially lead to malicious script execution when a user views the affected bio...

6.4CVSS5.2AI score0.00228EPSS
Exploits0References7
OSV
OSV
added 2025/04/08 12:0 a.m.7 views

CVE-2025-32413

Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/30 7:20 p.m.18 views

CVE-2025-24802 Soundness issue with Plonky2 look up tables

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floornumroutedwires / 3 always include the 0 - 0 input-output pair. Thus a malicious prover can always prove that f0 = 0 for any lookup table f unless its length happens ...

8.6CVSS0.00309EPSS
Exploits0References3
Circl
Circl
added 2024/12/17 9:0 a.m.3 views

CISCO-SA-20180418-WLC

creationtimestamp| type| source ---|---|--- 2024-12-17 09:00:35+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113667342681977139...

7.2AI score
Exploits0References1
Circl
Circl
added 2024/12/17 6:41 a.m.3 views

CISCO-SA-20180620-NXOS

creationtimestamp| type| source ---|---|--- 2024-12-17 06:41:53+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113666794789041150...

7.2AI score
Exploits0References1
Rows per page
Query Builder