Lucene search
K

1510 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.5 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS6AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-1806

The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS6AI score0.00235EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/26 2:51 p.m.10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6

Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....

10CVSS7.3AI score0.01945EPSS
Exploits2References14
NVD
NVD
added 2026/03/25 4:16 p.m.16 views

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

9.8CVSS0.02421EPSS
Exploits4References6
GithubExploit
GithubExploit
added 2026/03/24 4:15 p.m.138 views

Exploit for CVE-2026-26831

CVE-2026-26831: OS command injection in textract Summary...

6.2AI score0.02421EPSS
Exploits4
OSV
OSV
added 2026/03/23 6:14 p.m.5 views

GO-2026-4733 Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server

Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-1806 Tour & Activity Operator Plugin for TourCMS <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.1 views

CVE-2026-1806

The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS6AI score0.00235EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 6:16 p.m.5 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 5:26 p.m.11 views

CVE-2026-32844

XinLiangCoder php_api_doc contains a reflected XSS via list_method.php (GET parameter f) after commit 1ce5bbf. Unsanitized input is echoed to the page, enabling execution of arbitrary JavaScript in victims’ browsers. Impact cited includes session hijacking, credential theft, or malware distributi...

6.1CVSS6AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:26 p.m.21 views

CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

php_api_doc 跨站脚本漏洞

phpapidoc is a PHP API documentation generation tool developed by Wally’s personal developer. phpapidoc has a cross-site scripting vulnerability, which stems from improper cleaning of the f parameter in the listmethod.php file. This vulnerability may lead to reflective cross-site scripting attack...

6.1CVSS5.6AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2026-12430

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.6 views

Mattermost fails to bound memory allocation when processing DOC files

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2026/03/16 3:30 p.m.3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value during the creation and expansion of DOC files. An attacker can exhaust server memory resources by uploading a specially crafted DOC file, leading to a denial of service. Remediation Upgrade...

6.9CVSS5.8AI score0.00267EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/16 3:30 p.m.8 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value during the creation and expansion of DOC files. An attacker can exhaust server memory resources by uploading a specially crafted DOC file, leading to a denial of service. Remediation Upgrade...

6.9CVSS5.8AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2026/03/16 3:30 p.m.6 views

GHSA-XV2P-WCHJ-QJHP Mattermost fails to bound memory allocation when processing DOC files

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:18 p.m.2 views

CVE-2026-25780

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 12:59 p.m.2 views

CVE-2026-25780 Memory Exhaustion via Malformed DOC File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25712

Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References8
Rows per page
Query Builder