35246 matches found
CVE-2026-44669
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...
CVE-2026-44668
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...
CVE-2026-9567
A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...
CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...
CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...
EUVD-2026-31943
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...
CVE-2026-44669
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...
CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...
CVE-2026-44667
FACTION is a PenTesting Report Generation and Collaboration Framework. A stored XSS flaw exists prior to version 1.8.3 where user-supplied attachment filename values are persisted and rendered into HTML and attribute contexts without output encoding in remediation verification/file preview flows....
CVE-2026-48903 Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
CVE-2026-48903
CVE-2026-48903 concerns the Joomla Framework, where the underlying issue is "inadequate content filtering within the checkAttribute methods" that leads to cross-site scripting (XSS) vulnerabilities across multiple components. The affected vector is the checkAttribute/filter code paths in the fram...
CVE-2026-48903 Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
CVE-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code...
CVE-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code...
CVE-2026-48905
The CVE-2026-48905 entry describes a vulnerability in the Joomla! Framework related to the cleanAttributes filter code, where inadequate input filtering creates an XSS vector in the HTML filtering path. According to the available metrics, this is a CVSS 4.0 base score of 6.9 (Medium) with impact ...
Exploit for CVE-2007-2447
🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
CVE-2026-42586
A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...
WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...