Lucene search
K

1644 matches found

Nuclei
Nuclei
added 12 hours ago67 views

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

6.1CVSS6.8AI score0.06156EPSS
Exploits0References4
Nuclei
Nuclei
added 12 hours ago17 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

6.1CVSS6.2AI score0.01778EPSS
Exploits2References2
OSV
OSV
added 5 days ago4 views

PYSEC-2026-773 Remote code execution in Apache Airflow Docker's Provider

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...

8.8CVSS6.3AI score0.01602EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.11 views

CVE-2026-50229

A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting XSS, allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to...

6.1CVSS5.8AI score0.00423EPSS
Exploits1References4
OSV
OSV
added 2026/06/29 9:16 p.m.9 views

DEBIAN-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.00423EPSS
Exploits1References1
NVD
NVD
added 2026/06/29 9:16 p.m.9 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS0.00423EPSS
Exploits1References2
CVE
CVE
added 2026/06/29 8:36 p.m.104 views

CVE-2026-50229

CVE-2026-50229 describes an XSS flaw in the Apache Tomcat “number guess” example. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.0.M1–9.0.118, 8.5.0–8.5.100, and 7.0.0–7.0.109. The root cause is improper neutralization of script-related HTML tags in that example web pa...

6.1CVSS5.7AI score0.00423EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:36 p.m.5 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.00423EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/29 8:36 p.m.47 views

CVE-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

0.00423EPSS
Exploits1References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-478 PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

9.8CVSS6.5AI score0.00084EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:52 p.m.53 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands...

9.1CVSS8.7AI score0.00967EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-41697

A flaw was found in Spring Data Relational. This vulnerability allows a remote attacker to perform boolean-based blind data inference by supplying wildcard characters in externally-controlled input when using StringMatcher in Query By Example QBE. This can lead to the disclosure of sensitive...

4.8CVSS5.7AI score0.00227EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.13 views

EUVD-2026-35893

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.15 views

CVE-2026-41697

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data Relational 安全漏洞

VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...

4.8CVSS5.3AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.43 views

CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.10 views

CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.47 views

CVE-2026-41697

CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:17 p.m.11 views

MAL-2026-5371 Malicious code in @doaction/example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5632bd1a9818c4a4af54e5297d40c10279d83e702ee5f59fa9bd50c52a33e0bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.13 views

Malicious code in @doaction/example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e2df92bb520aefba5bcfa6e3e88b4cbd7da3ea27b121380c17615bcfbab1ade @doaction/[email protected] is a scoped npm package whose package.json self-describes as 'Example package with Datadog environment telemetry for...

6.1AI score
Exploits0References3
Rows per page
Query Builder