Lucene search
+L

5 matches found

OSV
OSV
added last week4 views

UBUNTU-CVE-2026-57214

RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...

7.1CVSS6.2AI score0.00219EPSS
Exploits0References8
OSV
OSV
added 2026/05/11 8:29 p.m.5 views

CVE-2026-43874 WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink from CVE-2026-40911 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound...

7.2CVSS5.9AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 7:55 p.m.3 views

CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval...

10CVSS6.1AI score0.00645EPSS
Exploits1References4
OSV
OSV
added 2026/01/21 10:2 p.m.10 views

CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...

7.3CVSS5.8AI score0.00337EPSS
Exploits1References10
CVE
CVE
added 2026/01/21 10:2 p.m.18 views

CVE-2026-23960

CVE-2026-23960 affects Argo Workflows prior to versions 3.6.17 and 3.7.8. A stored XSS vulnerability in the artifact directory listing can cause arbitrary JavaScript to run in another user’s browser within the Argo Server origin, enabling actions with the victim’s privileges. Affected component: ...

7.3CVSS5.8AI score0.00337EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder