Lucene search
+L

1115 matches found

euvd
euvd
added 2026/07/01 12:33 a.m.7 views

EUVD-2026-40424

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References5
nvd
nvd
added 2026/06/30 10:16 p.m.10 views

CVE-2026-10585

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/30 9:39 p.m.7 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS6.1AI score0.00184EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/30 9:39 p.m.31 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
cve
cve
added 2026/06/30 9:39 p.m.35 views

CVE-2026-10585

CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/06/12 4:16 p.m.9 views

CVE-2026-44208

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS0.00321EPSS
Exploits0References1
euvd
euvd
added 2026/06/12 2:26 p.m.12 views

EUVD-2026-36485

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 2:26 p.m.10 views

CVE-2026-44208 Frappe: IDOR in `submit_discussion()`

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/12 2:26 p.m.29 views

CVE-2026-44208 Frappe: IDOR in `submit_discussion()`

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS0.00321EPSS
Exploits0References1
cve
cve
added 2026/06/12 2:26 p.m.22 views

CVE-2026-44208

CVE-2026-44208 affects the Frappe framework (full-stack web app). A lack of input/permission validations in the submit_discussion() endpoint allows unauthorized access to resources (IDOR) in affected builds. The issue is fixed in versions 15.107.0 and 16.17.0; prior releases were vulnerable. No e...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References1
osv
osv
added 2026/06/12 2:26 p.m.3 views

CVE-2026-44208 Frappe: IDOR in `submit_discussion()`

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.9AI score0.00321EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.23 views

PT-2026-48891

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2026/06/08 12:0 a.m.12 views

Model Poisoning against Federated Model Adaptation with Chain of Bit-Flips

Federated Learning FL allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients controlled by malicious third party potentially poison the training...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5828

A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and...

7.5CVSS7AI score0.00318EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/03 12:0 a.m.20 views

Online Safety Regulation Increases Privacy Risk: Evidence from the UK Online Safety Act

Governments worldwide are increasingly regulating digital platforms to reduce online harms, particularly those affecting children. However, access restrictions can alter user behaviour and introduce new privacy and security risks. The UK Online Safety Act OSA, passed in October 2023, illustrates...

5.5AI score
Exploits0
packetstormnews
packetstormnews
added 2026/05/14 12:0 a.m.14 views

Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem

The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...

5.8AI score
Exploits0
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.12 views

PT-2026-40868

Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.9.8 Description A validation error in Composer causes GitHub tokens to be leaked into CI/CD logs. Recommendations Update to version 2.9.8. Audit GitHub Action logs for leaked tokens...

7.5CVSS5.8AI score0.00079EPSS
Exploits0References27
redhatcve
redhatcve
added 2026/05/13 8:23 p.m.8 views

CVE-2026-42857

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove...

5.4CVSS5.8AI score0.0021EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/11 5:32 p.m.55 views

CVE-2026-42857 Open edX Platform: Stored CSS Injection in Email Notifications via Incomplete HTML Sanitization

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...

4.6CVSS0.0021EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/05/11 5:32 p.m.7 views

CVE-2026-42857

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove...

4.6CVSS5.8AI score0.0021EPSS
Exploits1References3
Rows per page
Query Builder