Lucene search

27 matches found

EUVD
added 2026/06/11 12:32 a.m., 12 views

EUVD-2026-36167

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

AI score: 5.5, EPSS: 0.00657
Exploits: 0, References: 3

NVD
added 2026/06/10 11:16 p.m., 11 views

CVE-2026-50223

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

CVSS: 8.8, EPSS: 0.00657
Exploits: 0, References: 2

Vulnrichment
added 2026/06/10 10:23 p.m., 7 views

CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

AI score: 5.5, EPSS: 0.00657
Exploits: 0, References: 1

Cvelist
added 2026/06/10 10:23 p.m., 30 views

CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

EPSS: 0.00657
Exploits: 0, References: 1

CVE
added 2026/06/10 10:23 p.m., 25 views

CVE-2026-50223

CVE-2026-50223 affects Apache OFBiz prior to 24.09.07. It is caused by improper control of code generation (template injection) via DataResource editing by a low-privileged authenticated user, enabling possible Remote Code Execution. A fix is available in version 24.09.07; upgrading is recommende...

CVSS: 8.8, AI score: 5.5, EPSS: 0.00657
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/06/10 12:0 a.m., 13 views

PT-2026-48576

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...

AI score: 6, EPSS: 0.00657
Exploits: 0, References: 4

EUVD
added 2026/05/19 9:18 a.m., 9 views

EUVD-2026-30855

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00541
Exploits: 0, References: 1

OSV
added 2026/03/15 9:33 a.m., 4 views

MAL-2026-1434 Malicious code in my-super-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 58a8ef40f042f56d80d455abeb03442516dfd8ed81f462d9da071089ff82f31e During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score: 5.8
Exploits: 0, References: 2

RedhatCVE
added 2026/03/06 7:45 p.m., 2 views

CVE-2026-26022

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00306
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-1075

Malware in sbrugna...

CVSS: 9.8, AI score: 6, EPSS: 0.00892
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-0305

Malware in sbrugna...

CVSS: 8.1, AI score: 8.1, EPSS: 0.00546
Exploits: 0, References: 5

Tenable Nessus
added 2025/08/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-23515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0, = 2.1.0, 2.19.1 is...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00792
Exploits: 0, References: 2

RedhatCVE
added 2025/06/19 12:8 a.m., 7 views

CVE-2025-45880

A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00231
Exploits: 0, References: 1

CNNVD
added 2025/06/17 12:0 a.m., 2 views

Miliaris Amigdala cross-site scripting vulnerability

Miliaris Amigdala is an application from the Italian company Miliaris. A cross-site scripting vulnerability exists in Miliaris Amigdala version v2.2.6, which stems from cross-site scripting in the Data Resource Management function that could lead to the execution of arbitrary HTML...

CVSS: 6.1, AI score: 6, EPSS: 0.00231
Exploits: 0, References: 4

CVE
added 2025/06/17 12:0 a.m., 21 views

CVE-2025-45880

CVE-2025-45880 is confirmed with public sources detailing a cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6. The issue allows an attacker to execute arbitrary HTML in a user’s browser via a crafted payload. The CVSS 3.1 base score is 6...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00231
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2025/05/22 2:24 a.m., 9 views

CVE-2015-10062

A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00892
Exploits: 0, References: 1

OSV
added 2025/04/03 2:15 p.m., 7 views

AZL-59541 CVE-2025-32051 affecting package libsoup for versions less than 3.4.4-6

A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing a malformed data URI. This flaw allows an attacker to cause a denial of service (DoS)...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00483
Exploits: 0, References: 1

OSV
added 2024/10/29 1:15 p.m., 2 views

DEBIAN-CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00294
Exploits: 0, References: 1

NVD
added 2023/01/17 7:15 p.m., 14 views

CVE-2015-10062

A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...

CVSS: 9.8, AI score: 7, EPSS: 0.00892
Exploits: 0, References: 4

Prion
added 2023/01/17 7:15 p.m., 18 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...

CVSS: 7.5, AI score: 8, EPSS: 0.00892
Exploits: 0, References: 4, Affected Software: 1