
123 matches found

Circl
added 2023/01/27 12:39 a.m., 23 views

CVE-2023-24433

| creationtimestamp | type | source |
|---|---|---|
| 2023-01-27 00:39:09+00:00 | seen | https://t.me/cibsecurity/56970 |
| 2025-09-23 15:45:52+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lzjbdt5pol42... |

CVSS 6.5, AI score 6.3, EPSS 0.00769
Exploits: 0, References: 2

Huntr
added 2022/08/12 7:34 a.m., 22 views

Stored XSS vulnerability when importing RSS Feeds from external source

Description: YetiForceCRM allows users to create RSS Feeds without purifying the link field of the input data properly from an external source. An attacker can take advantage of this vulnerability to perform an XML Injection attack that leads to stored cross-site scripting (XSS) on the target server. Proof...

CVSS 4.9, AI score 0.2, EPSS 0.00688
Exploits: 1, References: 2

Circl
added 2022/04/12 8:23 p.m., 3 views

CVE-2022-28033

| creationtimestamp | type | source |
|---|---|---|
| 2022-04-12 20:23:22+00:00 | seen | https://t.me/cibsecurity/40659... |

CVSS 9.8, AI score 8.7, EPSS 0.05412
Exploits: 1, References: 1

Huntr
added 2021/09/30 7:57 a.m., 17 views

Static Code Injection in collectiveaccess/pawtucket2

Description: This is with reference to another SSRF report I made https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/ in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML, however it does not include the new fix...

AI score 0.2
Exploits: 0, References: 1

Circl
added 2021/04/20 3:25 p.m., 6 views

CVE-2021-22899

| creationtimestamp | type | source |
|---|---|---|
| 2021-04-20 15:25:01+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus12/2021 |
| 2021-04-21 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=570 |
| 2021-07-29 17:59:02+00:00 | seen | https://t.me/RussianOSINT/875... |

CVSS 8.8, AI score 7.5, EPSS 0.22343
Exploits: 0, References: 8

OSV
added 2021/02/18 3:15 p.m., 4 views

CVE-2021-20443

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality such as a library from a source that is outside of the intended control sphere. IBM X-Force ID: 196619...

CVSS 8.8, AI score 5.8, EPSS 0.00826
Exploits: 0, References: 2

OSV
added 2020/09/09 4:15 p.m., 3 views

UBUNTU-CVE-2020-11986

To be able to analyze Gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

CVSS 9.8, AI score 7.2, EPSS 0.09931
Exploits: 0, References: 4

Hacker One
added 2019/07/11 4:32 p.m., 61 views

curl: Insecure Frame (External)

Summary: Insecure Frame (External)
Steps To Reproduce:
Vulnerability Details identified an external insecure or misconfigured iframe.
Remedy: Apply sandboxing in inline frame. For untrusted content, avoid the usage of seamless attribute and allow-top-navigation, allow-popups and allow-scripts in...

AI score 7.3
Exploits: 0

Circl
added 2019/05/17 4:51 p.m., 6 views

CVE-2019-10139

| creationtimestamp | type | source |
|---|---|---|
| 2019-05-17 16:51:42+00:00 | seen | https://t.me/cvemitreorg/53... |

CVSS 7.8, AI score 6.5, EPSS 0.00245
Exploits: 0, References: 1

Prion
added 2017/10/03 1:29 a.m., 8 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

CVSS 4.3, AI score 6.1, EPSS 0.01271
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2017/10/02 6:00 p.m., 20 views

CVE-2015-7980

Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

AI score 6.1, EPSS 0.01271
Exploits: 0, References: 5

Circl
added 2017/07/11 2:04 a.m., 5 views

CVE-2017-5618

| creationtimestamp | type | source |
|---|---|---|
| 2017-07-11 02:04:41+00:00 | published-proof-of-concept | https://t.me/HackingPublicoficial/162 |
| 2025-10-05 03:00:06+00:00 | published-proof-of-concept | Telegram/SumV8avL7Sbl1SJPErB4-ULAsTbHoJ55HPswnJfdlCjxM |
| 2025-10-07 21:02:38+00:00 | seen | ... |

CVSS 7.8, AI score 7.7, EPSS 0.01087
Exploits: 6, References: 3

Circl
added 2017/03/20 12:00 a.m., 12 views

CVE-2017-0120

| creationtimestamp | type | source |
|---|---|---|
| 2017-03-20 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41655... |

CVSS 4.3, AI score 6.8, EPSS 0.22046
Exploits: 1, References: 1

Circl
added 2016/08/10 12:00 a.m., 12 views

CVE-2016-5847

| creationtimestamp | type | source |
|---|---|---|
| 2016-08-10 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40230... |

CVSS 5.8, AI score 6.8, EPSS 0.01033
Exploits: 5, References: 1

Circl
added 2016/02/24 12:00 a.m., 16 views

CVE-2016-1839

| creationtimestamp | type | source |
|---|---|---|
| 2016-02-24 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39491... |

CVSS 5.5, AI score 7, EPSS 0.07347
Exploits: 2, References: 1

NVD
added 2015/06/15 2:59 p.m., 16 views

CVE-2015-4387

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 2.6, AI score 5.6, EPSS 0.01178
Exploits: 0, References: 5

Prion
added 2015/06/15 2:59 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 2.6, AI score 6, EPSS 0.01178
Exploits: 0, References: 5, Affected Software: 1

Circl
added 2014/05/16 12:00 a.m., 30 views

CVE-2014-3749

| creationtimestamp | type | source |
|---|---|---|
| 2014-05-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39187... |

CVSS 7.5, AI score 6.8, EPSS 0.01306
Exploits: 2, References: 1

Circl
added 2013/12/30 12:00 a.m., 13 views

CVE-2013-7278

| creationtimestamp | type | source |
|---|---|---|
| 2013-12-30 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38935... |

CVSS 7.5, AI score 7, EPSS 0.02597
Exploits: 1, References: 1

Tenable Nessus
added 2011/12/19 12:00 a.m., 32 views

FreeBSD : typo3 -- Remote Code Execution (3c957a3e-2978-11e1-89b4-001ec9578670)

The typo3 security team reports: A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation. This is caused by a PHP file, which is part of the workspaces system extension, that does not validat...

CVSS 6.8, AI score 5.8, EPSS 0.0563
Exploits: 1, References: 3