20 matches found
CVE-2026-42045
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...
LobeHub Cross-Site Scripting Vulnerability
LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...
Command Injection
Overview @lobehub/lobehub is a LobeHub - an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...
CVE-2021-47843
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
CVE-2021-47843 Tagstoo 2.0.1 - Stored XSS to RCE
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
CVE-2021-47843
The CVE-2021-47843 entry concerns Tagstoo 2.0.1, which is affected by a stored cross-site scripting (XSS) vulnerability in files or custom tags. The issue enables attackers to inject malicious payloads and execute arbitrary JavaScript code, potentially spawning system processes, accessing files, ...
EUVD-2026-2751
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...
Tagstoo Cross-Site Scripting Vulnerability
Tagstoo is a tag-based file manager developed by Pablo Andueza. Version 2.0.1 of Tagstoo contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of file or custom tag inputs, which may lead to storage-based cross-site scripting attacks...
The vulnerability of the Rails Html Sanitizer configuration tool for Rails applications stems from improper handling of input data during web page generation. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the Rails Html Sanitizer configuration implementation relates to the embedding of content. If the application developer defines custom tags such as “math”, “style” or “svg” and “style”, this vulnerability can allow a remote attacker to perform cross-site scripting attacks...
CVE-2023-43874
Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
[SECURITY] Fedora 35 Update: php-twig3-3.4.3-1.fc35
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 35 Update: php-twig2-2.14.11-1.fc35
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
Sensio Labs Twig Injection Vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in custom tags allowing an attacker to inject and execute malicious javascript...
GHSA-9JP8-CWWX-P64Q XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
The rich text editor does not escape attribute data when previewing custom tags. This means XSS is possible if custom tags are used, for users who have access to editing rich text content. Frontend content view is not affected, but the vulnerability could be used by editors to attack other editor...
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
The rich text editor does not escape attribute data when previewing custom tags. This means XSS is possible if custom tags are used, for users who have access to editing rich text content. Frontend content view is not affected, but the vulnerability could be used by editors to attack other editor...
GHSA-FXWM-RX68-P5VX XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
The rich text editor does not escape attribute data when previewing custom tags. This means XSS is possible if custom tags are used, for users who have access to editing rich text content. Frontend content view is not affected, but the vulnerability could be used by editors to attack other editor...
ColdFusion 9-10 - Credential Disclosure Exploit
ColdFusion...
[SECURITY] Fedora 21 Update: php-twig-1.20.0-1.fc21
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 18 Update: php-twig-Twig-1.12.3-1.fc18
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...