Lucene search
+L

399 matches found

OSV
OSV
added 2026/04/21 5:25 p.m.6 views

USN-8194-1 php-league-commonmark vulnerabilities

It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and...

6.4CVSS5.7AI score0.00287EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/18 12:46 a.m.8 views

Incomplete List of Disallowed Inputs

Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...

9.8CVSS6.3AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/16 8:41 p.m.5 views

Server-side Request Forgery (SSRF)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the screenshot upload, due to improper enforcement of domain restrictions after redirects. An attacker c...

7.6CVSS5.7AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:32 p.m.3 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate authorization checks in the containerRequestHandler process. An attacker can gain unauthorized access to sensitive system information and trigger actions on systems they do not belong to b...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 10:7 a.m.6 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go. An attacker can set forbidden low-level VM configuration keys, such as raw.apparmor or raw.qemu.conf in a project th...

9.1CVSS5.4AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 6:14 p.m.4 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the exec allowlist component. An attacker can execute unauthorized scripts by leveraging shell init-file options such as --rcfile, --init-file, or...

6.3CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.5 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 3:7 a.m.5 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to insufficient sanitization of environment variables related to package management, registries, Docker, compilers, and TLS overrides in the...

7.1CVSS6AI score0.00307EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:32 p.m.14 views

Incomplete List of Disallowed Inputs

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the validateScriptFileForShellBleed process. An attacker can execute unauthorized script content by crafting piped, substituted, or...

5.4CVSS5.9AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 7:21 p.m.19 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS0.00303EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/02 6:30 p.m.28 views

CVE-2026-5418 appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS0.00303EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:30 p.m.1 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/02 6:30 p.m.20 views

CVE-2026-5418

The CVE affects appsmith.org Appsmith Dashboard up to version 1.97, specifically the computeDisallowedHosts function in WebClientUtils.java. The issue enables server-side request forgery (SSRF) and may be exploitable remotely; an exploit is publicly available. Mitigation provided in the sources i...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 6:30 p.m.3 views

CVE-2026-5418 appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

6.9CVSS6.6AI score0.00303EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.8 views

PT-2026-29873

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Appsmith 代码问题漏洞

Appsmith is an open-source platform developed by Appsmith for building, deploying, and maintaining internal applications. Versions of Appsmith 1.97 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations in the computeDisallowedHosts function of the...

7.5CVSS7.2AI score0.00303EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/01 8:29 p.m.6 views

Incomplete List of Disallowed Inputs

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the SafeXPath3Parser implementation. An attacker can access sensitive files from the local filesystem by leveraging unblock...

7.1CVSS5.8AI score0.00282EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:0 a.m.2 views

CVE-2026-1430

The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 1:0 a.m.5 views

CVE-2026-27566 OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...

7.1CVSS6.9AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2026/03/18 5:26 p.m.6 views

GHSA-46FP-8F5P-PF2M Improper detection of disallowed URIs by Loofah `allowed_uri?`

Summary Loofah::HTML5::Scrub.alloweduri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The alloweduri? method strips literal control characters before decoding HTML entities. Payloa...

6.9CVSS5.5AI score
Exploits0References2
Rows per page
Query Builder