Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/04/02 8:57 p.m.35 views

OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic

Summary PIPINDEXURL and UVINDEXURL bypass host exec env sanitization and redirect Python package-index traffic Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still allows Python package-index env redirection through host exec, but scope should stay...

6.1CVSS6AI score0.00125EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1499)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1499 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Tenable has extracted the...

8.6CVSS7.6AI score0.00532EPSS
Exploits0References6
Veracode
Veracode
added 2026/03/26 8:45 a.m.6 views

Cross-site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to internationalization of security-sensitive attributes bypassing Angular’s sanitization when combined with untrusted data binding, which allows an attacker to inject malicious scripts...

9CVSS6AI score0.00339EPSS
Exploits0References8Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 a.m.5 views

CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...

9.8CVSS5.8AI score0.0151EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.5 views

Amazon Linux 2023 : golist (ALAS2023-2026-1382)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1382 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.2AI score0.01945EPSS
Exploits2References10
Vulnrichment
Vulnrichment
added 2025/05/13 9:31 a.m.15 views

CVE-2025-4647 A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before...

8.4CVSS8.4AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.4 views

PT-2023-29225 · Unknown · Sanitize-Html

Name of the Vulnerable Software and Affected Versions: HtmlSanitizer versions prior to 8.0.723 HtmlSanitizer version 8.1.722-beta and earlier Description: The issue occurs in configurations where foreign content is allowed, specifically when svg or math are in the list of allowed elements. This...

6.1CVSS6.1AI score0.00363EPSS
Exploits0References10
NVD
NVD
added 2023/05/24 5:15 p.m.47 views

CVE-2021-25748

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

7.6CVSS7.5AI score0.00694EPSS
Exploits0References2
Snyk
Snyk
added 2022/09/20 1:17 p.m.3 views

Prototype Pollution

Overview express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. Affected versions of this package are vulnerable to Prototype Pollution via the allowedTags attribute, allowin...

7.3CVSS7.4AI score0.00718EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/11/17 12:0 a.m.3 views

PT-2021-6670 · Unknown +1 · Ckeditor 4 +1

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.17.0 Description: A vulnerability has been discovered in the core HTML processing module of CKEditor 4, which may affect all plugins used by the editor. This issue allows an attacker to inject malformed comments...

8.2CVSS6.2AI score0.0147EPSS
Exploits0References22
Rows per page
Query Builder