Lucene search
K

206 matches found

Snyk
Snyk
added 2026/06/29 10:53 p.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 8:7 p.m.45 views

CVE-2026-55603

CVE-2026-55603 affects http-proxy-middleware (Node.js). In versions 3.0.4–3.0.7 and 4.1.1, fixRequestBody() rebuilds multipart/form-data by interpolating req.body into the wire format without neutralizing CR/LF. This can let an attacker inject a new multipart part (via unescaped CRLF in keys/valu...

7.5CVSS5.9AI score0.00243EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/18 1:6 p.m.21 views

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 3.0.4, 3.0.7...

7.5CVSS5.8AI score0.00243EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50172

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...

6.4CVSS5.9AI score0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.10 views

CVE-2026-47970

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.11 views

EUVD-2026-35720

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35617

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-48300

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-47950

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.14 views

CVE-2026-47939

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 4:48 p.m.29 views

CVE-2026-47972

Adobe Experience Manager (AEM) up to version 6.5.24, LTS SP1, 2026.04 and earlier is affected by a stored XSS vulnerability. A low-privilege attacker can inject malicious scripts into vulnerable form fields, with malicious JavaScript executed in the victim’s browser when visiting the affected pag...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 4:48 p.m.23 views

CVE-2026-47990

Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS in vulnerable form fields. A low-privileged attacker can inject malicious scripts, which execute in a victim’s browser when visiting the page with the vulnerable field. The vulnerability scope is note...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 4:48 p.m.27 views

CVE-2026-47950

CVE-2026-47950 : Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, causing the victim’s browser to execute JavaScript w...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47957 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.17 views

CVE-2026-23756

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.4AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.14 views

CVE-2026-4821

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS5.9AI score0.00014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Electerm 安全漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.8 and earlier have security vulnerabilities. These vulnerabilities stem from the possibility of executing local PTY code when bookmarking or synchronizing targets involves injecting the ex...

9.4CVSS5.9AI score0.00234EPSS
Exploits0References2
Rows per page
Query Builder