145 matches found
ServiceNow - Cross-Site Scripting
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
EUVD-2026-33727
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
CVE-2026-41013 describes an input validation bypass in the SMB volume mount handling of CloudFoundry Foundation’s diego-release. The vulnerability allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege e...
PT-2026-45516
Name of the Vulnerable Software and Affected Versions smb-volume-release versions prior to v3.60.0 CF Deployment versions prior to v56.0.0 Description An input validation bypass exists in the SMB volume mount handling within CloudFoundry Foundation diego-release. This allows a low-privileged CF...
CVE-2026-41013 - Tenant-controlled comma smuggles arbitrary CIFS mount options | Cloud Foundry
HIGH CVSS 3.1 Score: 8.5 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. smb-volume-release – All versions prior to v3.60.0 CF Deployment – All versions prior to v56.0.0 Description Input validation bypass in SMB volume...
CVE-2022-38463
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...
EUVD-2025-133349
Malicious code in teate-thy-sonic-diego npm...
EUVD-2025-36001
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS.This issue affects Blox Lite: from n/a through = 1.2.8...
PT-2025-43816
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS.This issue affects Blox Lite: from n/a through = 1.2.8...
EUVD-2018-7621
Malware in sbrugna...
EUVD-2018-11890
Malware in sbrugna...
EUVD-2016-4151
Malware in sbrugna...
EUVD-2015-5307
Malware in sbrugna...
EUVD-2022-53131
Malicious code in bioql PyPI...
EUVD-2022-40768
Malicious code in bioql PyPI...
CVE-2025-57932
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through = 3.2.1...