Lucene search
K

6 matches found

OSV
OSV
added 2026/05/05 9:27 p.m.4 views

GHSA-9695-8FR9-HW5Q Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes

Summary A stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details The detectXss function relies on a...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 6:2 a.m.3 views

CVE-2026-4509

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References4
OSV
OSV
added 2026/01/12 12:0 a.m.7 views

CVE-2025-66689

A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the isdangerouspath validation function that uses exact string matching against a blacklist of system...

6.5CVSS6.7AI score0.0048EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-3016

Malware in sbrugna...

4.3CVSS6.1AI score0.02216EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-4867

Malware in sbrugna...

6.8CVSS6.4AI score0.02073EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-4426

Malware in sbrugna...

4.3CVSS6AI score0.02098EPSS
Exploits0References12
Rows per page
Query Builder