6138 matches found

EUVD
added 2025/12/09 6:30 p.m. | 6 views

EUVD-2025-202299

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1...

CVSS 8.8 | AI score 6.5 | EPSS 0.00151
Exploits: 0 | References: 2
EUVD
added 2025/12/09 6:30 p.m. | 5 views

EUVD-2025-202301

Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.245...

CVSS 8.8 | AI score 6.5 | EPSS 0.00143
Exploits: 0 | References: 2
NVD
added 2025/12/09 4:17 p.m. | 4 views

CVE-2025-5470

Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking. This issue affects Disk: before 3.2.45.3275...

CVSS 8.8 | EPSS 0.00148
Exploits: 0 | References: 1
OSV
added 2025/12/09 4:17 p.m. | 5 views

CVE-2025-5471

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2025/12/09 4:17 p.m. | 8 views

CVE-2025-5469

Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.245...

CVSS 8.8 | EPSS 0.00143
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/09 3:55 p.m. | 5 views

CVE-2025-5469 Dylib Hijacking in Yandex Messenger

Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.245...

CVSS 8.8 | AI score 6.6 | EPSS 0.00143
Exploits: 0 | References: 1
Cvelist
added 2025/12/09 3:55 p.m. | 23 views

CVE-2025-5469 Dylib Hijacking in Yandex Messenger

Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.245...

CVSS 8.8 | EPSS 0.00143
Exploits: 0 | References: 1
RedHat Linux
added 2025/12/09 8:32 a.m. | 2 views

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.03992
Exploits: 0 | References: 4
RedHat Linux
added 2025/12/09 7:23 a.m. | 2 views

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.03992
Exploits: 0 | References: 4
OSV
added 2025/12/09 12:0 a.m. | 6 views

CVE-2022-50649 power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()

In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() ADP5061_CHG_STATUS_1_CHG_STATUS is masked with 0x07, which means a length of 8, but adp5061_chg_type array size is 4, may end up reading 4 elements beyond the end of th...

AI score 6.3 | EPSS 0.00176
Exploits: 0 | References: 10
CNNVD
added 2025/12/09 12:0 a.m. | 4 views

TalentSoft UNIS SQL Injection Vulnerability

TalentSoft UNIS is a talent management system from TalentSoft Turkey. A SQL injection vulnerability exists in TalentSoft UNIS versions prior to 42321, which stems from improper neutralization of special elements and could lead to a SQL injection attack...

CVSS 9.8 | AI score 7.7 | EPSS 0.00463
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-50090

Name of the Vulnerable Software and Affected Versions: Yandex Telemost versions prior to 2.19.1. Description: An uncontrolled search path element issue exists in Yandex Telemost on MacOS, enabling search order hijacking. This allows an attacker to potentially manipulate the system's search path to...

CVSS 8.8 | AI score 6.6 | EPSS 0.00151
Exploits: 0 | References: 3
OSV
added 2025/12/08 2:15 a.m. | 2 views

DEBIAN-CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync. Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 1
RedHat Linux
added 2025/12/04 11:12 p.m. | 3 views

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.03992
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/04 3:17 a.m. | 9 views

CVE-2025-13448

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5 | EPSS 0.00201
Exploits: 0 | References: 1
NVD
added 2025/12/03 3:15 a.m. | 6 views

CVE-2025-13448

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00201
Exploits: 0 | References: 4
Cvelist
added 2025/12/03 2:25 a.m. | 20 views

CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00201
Exploits: 0 | References: 4
CVE
added 2025/12/03 2:25 a.m. | 14 views

CVE-2025-13448

CVE-2025-13448: CSSIgniter Shortcodes for WordPress is vulnerable to Stored XSS via the element shortcode attribute in versions up to 2.4.1. Exploitation requires Contributor+ access; an attacker can inject scripts on pages viewed by users. Wordfence has patched the issue in 2.4.1—update to 2.4.1...

CVSS 6.4 | AI score 4.7 | EPSS 0.00201
Exploits: 0 | References: 4
EUVD
added 2025/12/03 2:25 a.m. | 5 views

EUVD-2025-200724

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 4.7 | EPSS 0.00201
Exploits: 0 | References: 5
Vulnrichment
added 2025/12/03 2:25 a.m. | 3 views

CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 4.7 | EPSS 0.00201
Exploits: 0 | References: 4