Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

SUSE SLES16 Security Update : python-PyJWT (SUSE-SU-2026:22170-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22170-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References16
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.17 views

Duplicate Advisory: phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f5p7-2c9q-8896. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that...

5.4CVSS5.2AI score0.00153EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/15 9:31 p.m.10 views

GHSA-H36G-93QX-RXGR Duplicate Advisory: phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f5p7-2c9q-8896. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that...

5.4CVSS5.2AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.35 views

CVE-2026-46363 phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...

5.4CVSS0.00153EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 8:18 p.m.10 views

phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTERSANITIZESPECIALCHARS which HTML-encodes input, then immediately call htmlentitydecode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...

5.4CVSS6.1AI score0.00153EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2024/02/29 1:42 a.m.3 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS5.8AI score0.00233EPSS
Exploits1References2
Rows per page
Query Builder