143 matches found
ServiceNow - Cross-Site Scripting
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
CVE-2026-41013 describes an input validation bypass in the SMB volume mount handling of CloudFoundry Foundation’s diego-release. The vulnerability allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege e...
EUVD-2026-33727
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
PT-2026-45516
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2022-38463
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...
EUVD-2025-133349
Malicious code in teate-thy-sonic-diego npm...
EUVD-2025-36001
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS.This issue affects Blox Lite: from n/a through = 1.2.8...
PT-2025-43816
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS.This issue affects Blox Lite: from n/a through = 1.2.8...
EUVD-2016-4151
Malware in sbrugna...
EUVD-2018-11890
Malware in sbrugna...
EUVD-2015-5307
Malware in sbrugna...
EUVD-2018-7621
Malware in sbrugna...
EUVD-2022-53131
Malicious code in bioql PyPI...
EUVD-2022-40768
Malicious code in bioql PyPI...
CVE-2025-57932
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through = 3.2.1...
CVE-2022-31733
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then a...
CVE-2022-38172
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard...