Lucene search
+L

1064 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Rails

An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...

6.1CVSS6.1AI score0.01485EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 4:34 p.m.7 views

GHSA-JWP7-WG77-3W9V Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

6.1CVSS5.9AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 8:45 a.m.5 views

BIT-KYVERNO-2026-44245 Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses...

6.1CVSS5.9AI score0.00183EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Ruby CSS Parser 信任管理问题漏洞

Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.10 views

EUVD-2026-30090

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

4.8CVSS5.9AI score0.00098EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:22 p.m.9 views

CVE-2026-0238

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

5.9AI score0.00098EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 6:22 p.m.10 views

CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

4.8CVSS5.9AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 6:22 p.m.77 views

CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

4.8CVSS0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40749

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Broker VM affected versions not specified Description An authenticated administrator can inject arbitrary content into specific Broker VM fields. Recommendations At the moment, there is no information about a newer version...

4.8CVSS5.9AI score0.00098EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.14 views

Palo Alto Networks Broker VM 输入验证错误漏洞

Palo Alto Networks Broker VM is a cloud security broker virtual machine component developed by Palo Alto Networks. There is a vulnerability in the input validation of Palo Alto Networks Broker VM, which allows authenticated administrators to inject arbitrary content into certain fields of the...

4.8CVSS5.9AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 a.m.9 views

EUVD-2026-29368

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

nnU-Net 安全漏洞

nnU-Net is an automatic adaptation dataset semantic segmentation framework developed by MIC-DKFZ. Versions of nnU-Net prior to 2.4.1 contained a security vulnerability. This vulnerability stemmed from the Issue Triage workflow, which allowed attackers to control content injection into the Claude...

7.2CVSS5.8AI score0.00242EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 12:20 p.m.29 views

CVE-2026-27694

Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
Amazon
Amazon
added 2026/04/30 12:0 a.m.11 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5CVSS6.9AI score0.17301EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.5 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

8CVSS5.5AI score0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 7:41 p.m.4 views

CVE-2026-33657

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References3Affected Software1
Snyk
Snyk
added 2026/04/10 3:34 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/03 8:28 p.m.28 views

CVE-2026-22665 prompts.chat Identity Confusion via Case-Sensitive Username Handling

prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

8.6CVSS0.00332EPSS
Exploits1References3
OSV
OSV
added 2026/04/03 8:28 p.m.3 views

CVE-2026-22665 prompts.chat Identity Confusion via Case-Sensitive Username Handling

prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...

8.6CVSS6AI score0.00332EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30229

Name of the Vulnerable Software and Affected Versions prompts.chat versions prior to commit 1464475 Description prompts.chat is susceptible to an identity confusion issue stemming from inconsistent case sensitivity in username handling during write and read operations. This allows attackers to...

8.6CVSS5.9AI score0.00332EPSS
Exploits1References6
Rows per page
Query Builder