
16 matches found

EUVD
added 2026/06/24 12:30 a.m. · 8 views

EUVD-2026-38634

FlatPress versions prior to commit 10be83c contain a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

8.4 CVSS · 5.9 AI score · 0.00243 EPSS
Exploits 0 · References 4
UbuntuCve
added 2026/03/22 1:16 a.m. · 3 views

CVE-2019-25586

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

6.9 CVSS · 6.1 AI score · 0.00178 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/03/04 2:39 p.m. · 5 views

CVE-2026-25673

A flaw was found in Django. A remote attacker can exploit a vulnerability in the URLField.to_python function, specifically when Django is running on the Windows platform. This function, which utilizes urllib.parse.urlsplit, performs a disproportionately slow normalization process for certain Unico...

7.5 CVSS · 5.9 AI score · 0.00734 EPSS
Exploits 0 · References 6
OSV
added 2026/03/03 3:16 p.m. · 4 views

CVE-2026-25673

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 3
Vulnrichment
added 2026/03/03 2:28 p.m. · 6 views

CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

6 AI score · 0.00734 EPSS
Exploits 0 · References 3
CNNVD
added 2025/11/18 12:00 a.m. · 5 views

SolarWinds Observability Self-Hosted Cross-Site Scripting Vulnerability

SolarWinds Observability Self-Hosted is an observability platform from SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Observability Self-Hosted, stemming from a user-created URL field, that could lead to an attack by a...

5.4 CVSS · 6 AI score · 0.00416 EPSS
Exploits 0 · References 2
RedHat Linux
added 2025/01/23 9:34 a.m. · 3 views

go-git: argument injection via the URL field

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

9.8 CVSS · 7.4 AI score · 0.0124 EPSS
Exploits 0 · References 6
OSV
added 2023/10/12 7:15 a.m. · 2 views

UBUNTU-CVE-2023-32721

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL...

7.6 CVSS · 5.7 AI score · 0.00595 EPSS
Exploits 0 · References 2
CNNVD
added 2023/06/29 12:00 a.m. · 8 views

D-Link DIR-823G Security Vulnerability

The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi 5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in the URL fiel...

9.8 CVSS · 8.1 AI score · 0.01304 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/05/15 12:00 a.m. · 6 views

PT-2023-17407 · WordPress · Pretty Url

Name of the Vulnerable Software and Affected Versions: Pretty Url WordPress plugin versions 1.5.4 and earlier
Description: The issue arises from the plugin's failure to sanitize and escape the URL field in its settings, potentially allowing high-privilege users to perform Stored Cross-Site...

4.8 CVSS · 8.1 AI score · 0.00824 EPSS
Exploits 2 · References 6
Positive Technologies
added 2023/05/11 12:00 a.m. · 3 views

PT-2023-6100 · Zabbix +4 · Zabbix +4

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified)
Description: A stored XSS issue has been identified in the Zabbix web application, specifically in the Maps element. This occurs when a URL field is set with spaces before the URL. The vulnerability is...

9.9 CVSS · 6 AI score · 0.04036 EPSS
Exploits 4 · References 107
Positive Technologies
added 2023/02/27 12:00 a.m. · 17 views

PT-2023-3481 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G firmware version 1.02B05
Description: The issue is related to a buffer overflow in the implementation of the HNAP1 protocol in the D-Link DIR-823G router's firmware. This occurs when processing the SetParentsControlInfo...

9.8 CVSS · 7.7 AI score · 0.01304 EPSS
Exploits 1 · References 8
SUSE CVE
added 2023/02/15 4:11 a.m. · 4 views

SUSE CVE-2019-13068

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...

6.3 CVSS · 7.1 AI score · 0.51915 EPSS
Exploits 2 · References 4
OSV
added 2020/02/22 10:15 p.m. · 6 views

CVE-2020-9338

SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field...

5.4 CVSS · 6.1 AI score · 0.00531 EPSS
Exploits 1 · References 1
CNVD
added 2017/11/21 12:00 a.m. · 2 views

Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37741)

Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A cross-site scripting vulnerability exists in Horde Groupware version 5.2.19. A remote attack...

5.4 CVSS · 5.9 AI score · 0.01752 EPSS
Exploits 1 · References 1
OSV
added 2009/10/13 10:30 a.m. · 4 views

DEBIAN-CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField email address or (2) URLField URL that triggers a large amount of backtracking in a regular...

5 CVSS · 6.7 AI score · 0.03686 EPSS
Exploits 0 · References 1