Lucene search
K

144 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59895 Hono: Server-Side XSS via JSX Escaping Bypass in cx() Utility

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51004

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.1.02 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can create arbitrary records in plugin...

5.3CVSS6AI score0.00205EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 8:16 p.m.11 views

CVE-2026-11583

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:15 p.m.9 views

CVE-2026-11583

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/08 7:15 p.m.36 views

CVE-2026-11583 CodeAstro Student Attendance Management System createClass.php sql injection

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS0.00204EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References3
OSV
OSV
added 2026/05/31 8:16 p.m.9 views

DEBIAN-CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 7:43 p.m.15 views

EUVD-2026-33517

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

5.8AI score0.00399EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/31 7:43 p.m.8 views

CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

5.8AI score0.00399EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 8:31 p.m.7 views

CVE-2026-34216

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS6AI score0.00532EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/19 8:31 p.m.10 views

EUVD-2026-30983

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS6AI score0.00532EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 4:27 a.m.18 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00419EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

9.8CVSS6.8AI score0.00657EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.8 views

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

9.8CVSS6.9AI score0.00902EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/27 2:25 p.m.9 views

CVE-2026-41635

A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...

9.8CVSS6.1AI score0.0064EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 9:20 a.m.47 views

CVE-2026-41409

Apache MINA is affected by CVE-2026-41409 due to an incomplete fix for CVE-2024-52046 in AbstractIoBuffer.getObject(). The classname allowlist for deserialization was enforced too late after a class static initializer could already run. Affected versions: MINA 2.0.0–2.0.27, 2.1.0–2.1.10, 2.2.0–2....

9.8CVSS5.3AI score0.00451EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35387

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.0 through 2.0.27 Apache MINA versions 2.1.0 through 2.1.10 Apache MINA versions 2.2.0 through 2.2.5 Description An issue exists in the getObject function of the AbstractIoBuffer class due to an incomplete deserializati...

10CVSS7.1AI score0.00451EPSS
Exploits0References276
CVE
CVE
added 2026/04/21 3:26 p.m.26 views

CVE-2017-20230

CVE-2017-20230 affects Perl’s Storable before 3.05. The issue arises in retrieve_hook, which stores the class-name length as a signed int but reads it as unsigned, enabling crafted data to trigger a stack overflow during read operations. Public reports confirm a high-impact condition (CRITICAL) w...

10CVSS5.8AI score0.00641EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder