Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 8:25 p.m.6 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:40 p.m.5 views

Malicious code in @sporta-technology/d11-web-components.dropdown (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/04/23 3:40 p.m.4 views

MAL-2025-3326 Malicious code in @sporta-technology/d11-web-components.dropdown (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Veracode
Veracode
added 2024/10/17 7:22 a.m.6 views

Data Validation Bypass

Gradio is vulnerable to a Data Validation Bypass vulnerability. The vulnerability is due to improper enforcement of input constraints due to the pre-processing step in the Dropdown component, allowing attackers to send custom requests with arbitrary values even when the allowcustomvalue parameter...

7.1AI score
Exploits0
OSV
OSV
added 2024/10/10 10:11 p.m.12 views

GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...

6.9CVSS7.4AI score
Exploits0References2
Node.js
Node.js
added 2019/06/10 8:46 p.m.21 views

Cross-Site Scripting

Overview Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting XSS. The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 4.18.2 or later References - GitHub Issue -...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder