Lucene search
K

1177 matches found

BDU FSTEC
BDU FSTEC
added 2025/06/18 12:0 a.m.6 views

The vulnerability in the web interface of the operating system PAN-OS, which allows a perpetrator to execute arbitrary commands

The vulnerability in the web interface of the operating system PAN-OS is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

9.1CVSS5.9AI score0.01024EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2025/06/10 4:8 a.m.6 views

Cross-Site Scripting (XSS)

barryvdh/laravel-translation-manager is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to incorrect input validation and sanitization of user-input data, allowing attackers to inject arbitrary HTML or JavaScript code...

6CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2025/05/30 6:18 a.m.57 views

CVE-2025-48489

CVE-2025-48489 affects FreeScout (PHP/Laravel) prior to version 1.8.180. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient data validation and sanitization during data reception. Evidence across multiple sources confirms the vulnerability and notes that it has been pa...

4.8CVSS5.7AI score0.00187EPSS
Exploits1References1Affected Software1
Drupal
Drupal
added 2025/05/28 12:0 a.m.21 views

Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073

The "Simple Klaro" module adds the "Klaro! A Simple Consent Manager" to your website and allows you to configure it according to your needs in the Drupal backend. The module doesn't sufficiently sanitise data attributes allowing persistent Cross Site Scripting XSS attacks. This vulnerability is...

5CVSS5.7AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.5 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8.8CVSS8AI score0.0132EPSS
Exploits1References1
Veracode
Veracode
added 2025/05/23 4:25 a.m.13 views

Remote Code Execution (RCE)

srfeuserregister is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation and insufficient sanitization of user-supplied data, which allows attackers to inject and execute arbitrary PHP code on the server...

10CVSS7.8AI score0.00598EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.5 views

The vulnerability of the formSysCmd function in the microprogramming software of the D-Link DIR-600L router allows a hacker to execute arbitrary commands.

The vulnerability of the formSysCmd function in the microprogramming system of the D-Link DIR-600L router is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the host parameter...

10CVSS8AI score0.03269EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.7 views

The vulnerability of the formSetSambaConf() function in the Tenda AC9 router software allows a hacker to execute arbitrary code.

The vulnerability of the formSetSambaConf function in the Tenda AC9 router software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

6.5CVSS5.9AI score0.01974EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.6 views

The vulnerability of the wake_on_lan function in D-Link DIR-600L router software allows a hacker to execute arbitrary commands.

The vulnerability of the wakeonlan function in D-Link DIR-600L router software lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the host parameter...

10CVSS8AI score0.03269EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.7 views

CVE-2022-2146

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00337EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.6 views

CVE-2022-1546

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00739EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:30 p.m.8 views

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...

5.4CVSS6.4AI score0.00708EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.6 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

6.8CVSS7AI score0.00794EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.12 views

CVE-2022-2593

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

7.2CVSS7.6AI score0.01066EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.9 views

CVE-2022-1023

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file...

7.2CVSS7.6AI score0.01461EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.8 views

CVE-2021-37365

CTparental before 4.45.03 is vulnerable to cross-site scripting XSS in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...

6.1CVSS5.9AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.7 views

CVE-2021-25066

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00552EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.8 views

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

9.8CVSS7AI score0.01052EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:38 p.m.5 views

CVE-2021-35502

app/View/Elements/genericElements/IndexTable/Fields/genericfield.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index...

9.8CVSS6.8AI score0.01087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.5 views

CVE-2021-24624

The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks...

4.8CVSS6.2AI score0.00622EPSS
Exploits2References1
Rows per page
Query Builder