Lucene search
K

3535 matches found

RedHat Linux
RedHat Linux
added 2026/03/02 1:35 a.m.8 views

Important: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.6CVSS7.2AI score0.01945EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/03/02 1:35 a.m.6 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:34 a.m.8 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:26 a.m.5 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:25 a.m.6 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:23 a.m.5 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/02 1:22 a.m.7 views

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

8.6CVSS7.3AI score0.00472EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22635

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.3 Description NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling...

5.4CVSS5.8AI score0.00143EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.6 views

NocoDB 跨站脚本漏洞

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability. This vulnerability occurred due to the lack of cleanup during...

5.4CVSS5.7AI score0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/02/28 12:45 p.m.6 views

OESA-2026-1459 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6CVSS5.9AI score0.0055EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/25 4:17 p.m.6 views

CVE-2026-27568

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

6.1CVSS5.4AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.9 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 4:3 p.m.17 views

GHSA-9FWW-8CPR-Q66R Isso affected by Stored XSS via comment website field

Impact This is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

6.1CVSS5.9AI score0.00216EPSS
Exploits0References5
NVD
NVD
added 2026/02/24 3:21 p.m.9 views

CVE-2026-27568

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

6.1CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/02/24 2:53 p.m.19 views

CVE-2026-27568

WWBN AVideo (open source video platform) is affected prior to version 21.0 by CVE-2026-27568, where Markdown in video comments processed by Parsedown v1.7.4 without Safe Mode allows javascript: URIs to be rendered as links. An authenticated low-privilege attacker can post a malicious comment whos...

6.1CVSS5.4AI score0.00229EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/24 2:53 p.m.4 views

CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

5.1CVSS5.9AI score0.00229EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/24 2:53 p.m.21 views

CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

5.1CVSS0.00229EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/24 6:0 a.m.8 views

EUVD-2025-207548

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 6:0 a.m.24 views

CVE-2025-15386

The CVE describes an Unauthenticated Stored XSS in the WordPress plugin “Responsive Lightbox & Gallery”

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21665

Name of the Vulnerable Software and Affected Versions Responsive Lightbox & Gallery WordPress plugin versions prior to 2.6.1 Description The software contains a flaw in its regex replacement rules that allows for an Unauthenticated Stored-XSS attack. This occurs when a malicious link is posted as...

8.8CVSS6AI score0.00261EPSS
Exploits0References8
Rows per page
Query Builder