Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/09 11:54 p.m.36 views

CVE-2026-46546 Frappe LMS: HTML injection in user-controlled metadata

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

2.1CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:56 a.m.10 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:24 p.m.9 views

EUVD-2026-29853

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

5CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.6 views

CVE-2026-2291

dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

7.3CVSS0.00754EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/25 11:48 p.m.4 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the uploadC2CMedia or uploadGroupMedia process. An attacker can cause the application to make unintended outbound requests to attacker-controlled URLs...

6.3CVSS5.5AI score0.00236EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...

5.4CVSS5.6AI score0.0026EPSS
Exploits0References3
Veracode
Veracode
added 2025/09/08 3:38 p.m.5 views

Account Takeover

debug is vulnerable to Account Takeover. The vulnerability is due to a compromised npm publishing account, which allowed an attacker to publish a malicious patch version 4.4.2 that injects browser-side malware, enabling redirection of cryptocurrency transactions e.g., MetaMask to...

8.8CVSS5.3AI score0.00378EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder