Lucene search
K

734 matches found

Nuclei
Nuclei
added yesterday42 views

EyouCms v1.6.2 - Cross-Site Scripting

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...

6.1CVSS6.3AI score0.01224EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago26 views

Malicious code in jscrambler (npm)

Supply-chain compromise of the official jscrambler npm client, a legitimate JavaScript obfuscation tool with roughly 60K downloads per month. Version 8.14.0 was published from the legitimate publisher account jscrambler / [email protected], which points to an account or CI compromise rather tha...

6.1AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-13320

A flaw was found in GitLab. Under certain conditions, an authenticated user could exploit improper sanitization of user-supplied input. This vulnerability allows for the execution of arbitrary scripts within another user's browser session, commonly known as Cross-Site Scripting XSS. This could le...

7.3CVSS6.1AI score0.00243EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

GitLab 13.11 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-6896)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticat...

8.7CVSS6.4AI score0.00282EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS6.2AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56589

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.7 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user to...

7.3CVSS6.3AI score0.00243EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:4 p.m.6 views

CVE-2026-34098

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-43625

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...

8.2CVSS5.5AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5816

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

8.1CVSS5.9AI score0.00407EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.10 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 a.m.11 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:16 a.m.7 views

UBUNTU-CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/14 5:33 a.m.11 views

EUVD-2026-30235

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:33 a.m.14 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

5.4CVSS6.2AI score0.00192EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.12 views

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.12 views

EUVD-2026-28163

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 8:16 p.m.15 views

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

9.8CVSS0.00401EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.8 views

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.12 views

CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 4:4 p.m.13 views

CVE-2026-5816

CVE-2026-5816 affects GitLab CE/EE prior to 18.10.4 and prior to 18.11.1, with an issue in path validation that could allow an unauthenticated user to execute arbitrary JavaScript in a user’s browser session. GitLab has released patches in versions 18.10.4 and 18.11.1 to remediate this. The vulne...

8.1CVSS6.1AI score0.00407EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder