Lucene search
+L

19990 matches found

osv
osv
added 2026/03/28 12:16 p.m.6 views

UBUNTU-CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

8.6CVSS6.5AI score0.00203EPSS
Exploits1References5
cve
cve
added 2026/03/28 11:58 a.m.11 views

CVE-2016-20043

NRSS RSS Reader 0.3.9-1 is affected by a local stack buffer overflow. An attacker can pass an oversized argument to the -F parameter, crafting input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and execute arbitrary code. This is a local vulnerabili...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2026/03/28 12:0 a.m.8 views

NRSS Reader 缓冲区错误漏洞

NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/03/26 3:11 p.m.7 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS6AI score0.00257EPSS
Exploits0References1
debiancve
debiancve
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23320

Removed by vendor...

5.9AI score0.00022EPSS
Exploits0
nvd
nvd
added 2026/03/20 6:16 p.m.7 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS0.00257EPSS
Exploits0References2
cve
cve
added 2026/03/20 5:26 p.m.13 views

CVE-2026-32844

XinLiangCoder php_api_doc contains a reflected XSS via list_method.php (GET parameter f) after commit 1ce5bbf. Unsanitized input is echoed to the page, enabling execution of arbitrary JavaScript in victims’ browsers. Impact cited includes session hijacking, credential theft, or malware distributi...

6.1CVSS6AI score0.00257EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/03/20 5:26 p.m.5 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS6AI score0.00257EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/20 5:26 p.m.24 views

CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS0.00257EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.9 views

php_api_doc 跨站脚本漏洞

phpapidoc is a PHP API documentation generation tool developed by Wally’s personal developer. phpapidoc has a cross-site scripting vulnerability, which stems from improper cleaning of the f parameter in the listmethod.php file. This vulnerability may lead to reflective cross-site scripting attack...

6.1CVSS5.6AI score0.00257EPSS
Exploits0References2
euvd
euvd
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12284

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the functio...

9CVSS6.4AI score0.00793EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/03/16 1:2 a.m.5 views

CVE-2026-4204

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

6.5CVSS5.5AI score0.03394EPSS
Exploits1References5Affected Software20
ptsecurity
ptsecurity
added 2026/03/16 12:0 a.m.7 views

PT-2026-25591

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the functio...

9CVSS6.4AI score0.00793EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/03/16 12:0 a.m.11 views

D-Link多款产品 安全漏洞

D-Link DNS-320, etc., are products of D-Link Corporation from China. The D-Link DNS-320 is a NAS Network Attached Storage device. The D-Link DNS-325 is also a NAS device. The D-Link DNS-120 is a network storage adapter. Several D-Link products have security vulnerabilities; these vulnerabilities...

9.8CVSS7.7AI score0.00793EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/03/11 12:0 a.m.20 views

The Unofficial and Awesome Home Assistant MCP Server 跨站脚本漏洞

The Unofficial and Awesome Home Assistant MCP Server is an open-source component of the Unofficial Home Assistant AI Toolkit, designed to connect smart home platforms with AI assistants. Versions of the Unofficial and Awesome Home Assistant MCP Server prior to version 7.0.0 contained a cross-site...

6.8CVSS5.8AI score0.00181EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/08 1:44 a.m.8 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

6.1CVSS5.8AI score0.00278EPSS
Exploits1References1
nvd
nvd
added 2026/03/06 10:16 p.m.6 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

6.1CVSS0.00278EPSS
Exploits1References1
euvd
euvd
added 2026/03/06 9:14 p.m.7 views

EUVD-2026-10080

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

5.1CVSS5.9AI score0.00278EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/06 9:14 p.m.4 views

CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

5.1CVSS5.9AI score0.00278EPSS
Exploits1References1
cvelist
cvelist
added 2026/03/06 9:14 p.m.23 views

CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

5.1CVSS0.00278EPSS
Exploits1References1
Rows per page
Query Builder