Lucene search
K

362 matches found

CVE
CVE
added 2026/05/18 6:58 a.m.25 views

CVE-2026-3495

CVE-2026-3495 affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. The root cause is failure to escape certain variables during error page composition, enabling an attacker with access to edit site configuration to inject JavaScript and execute malicious code. The connected...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

Mattermost 跨站脚本漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have a cross-site scripting vulnerability. This vulnerability arises from variables that...

4.8CVSS5.7AI score0.00143EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.13 views

SUSE CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

5.8CVSS5.8AI score0.00445EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/15 4:27 p.m.12 views

EUVD-2026-30557

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.4 views

CVE-2026-34951

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 4:16 p.m.4 views

CVE-2026-34951

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

6.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 3:58 p.m.4 views

EUVD-2026-19357

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

5.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/24 12:32 a.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in debug exceptions, which use ERB escaping. An attacker can execute JavaScript in the context of the affected application by triggering a malicious exception message that is rendered bypassing the intended...

6.1CVSS5.7AI score0.00401EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 8:45 p.m.1 views

GHSA-PGM4-439C-5JP6 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.6 views

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

8.6CVSS5.5AI score0.01414EPSS
Exploits1References1
OSV
OSV
added 2026/02/24 12:37 a.m.6 views

CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

6.9CVSS5.5AI score0.01414EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/23 9:54 p.m.6 views

Server-side Request Forgery (SSRF)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in renderError, when custom prerendered error pages like 404.astro or 500.astro are in use. The...

8.6CVSS5.4AI score0.01414EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.6 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.4AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Beckhoff Automation TwinCAT 3 HMI Server Cross-site Scripting Vulnerability

Beckhoff Automation TwinCAT 3 HMI Server is a data transmission and permission management component developed by the American company Beckhoff Automation. The Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability. This vulnerability allows authenticated administrators ...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : mod_auth_openidc-1.8.8-5.el7 (AXSA:2019-4244:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4244:01 advisory. modauthopenidc: OIDCCLAIM and OIDCAuthNHeader not skipped in an AuthType oauth20 configuration CVE-2017-6413 modauthopenidc: Shows user-supplied...

8.6CVSS7AI score0.05177EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

OpenProject 信息泄露漏洞

OpenProject is a web-based project management software from OpenProject open source. An information disclosure vulnerability exists in OpenProject versions 11.2.1 through prior to 16.6.2, which originates from an error page that discloses username information and could lead to account enumeration...

6.9CVSS6AI score0.00254EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 6:15 a.m.4 views

UBUNTU-CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00185EPSS
Exploits0References6
OSV
OSV
added 2025/11/18 12:1 p.m.9 views

CLSA-2025-1763467263 Fix CVE(s): CVE-2025-62168

SECURITY UPDATE: information disclosure via HTTP authentication credentials - debian/patches/CVE-2025-62168.patch: Fix bug causing visibility of proxy auth data to scripts by redacting credentials from error page code expansion output and mailto link generation - CVE-2025-62168...

10CVSS7.3AI score0.6332EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/13 8:26 p.m.5 views

CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

2.7CVSS5.5AI score0.00213EPSS
Exploits1References4
OSV
OSV
added 2025/11/13 8:26 p.m.6 views

CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

2.7CVSS5.9AI score0.00213EPSS
Exploits1References6
Rows per page
Query Builder