Lucene search
K

261 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1743

Malicious code in bioql PyPI...

5.7CVSS5.8AI score0.00574EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-30448

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00463EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-38416

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00421EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32419

Malicious code in bioql PyPI...

6.8CVSS6.7AI score0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-33574

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00323EPSS
Exploits1References1
OSV
OSV
added 2025/09/09 8:54 p.m.2 views

GHSA-JQFW-VQ24-V9C3 Vite's `server.fs` settings were not applied to HTML files

Summary Any HTML files on the machine were served regardless of the server.fs settings. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - appType: 'spa' default or appType: 'mpa' i...

2.3CVSS6.4AI score0.00586EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.7 views

PT-2025-36945

Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.13 Description: Halo versions prior to 2.20.13 allow bypassing file type detection, enabling the upload of malicious files, including .exe and .html files. Uploading .html files can trigger stored cross-site...

6.1CVSS5.8AI score0.0024EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/08 10:56 p.m.1 views

CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

2.3CVSS6.3AI score0.00586EPSS
Exploits1References5
CVE
CVE
added 2025/09/08 10:56 p.m.53 views

CVE-2025-58752

Vite CVE-2025-58752 affects the dev and preview servers when exposed on the network: HTML files on the local machine could be served despite server.fs settings, depending on app exposure and appType configuration. Affected versions are <7.1.5, <7.0.7, <6.3.6, and

5.3CVSS6.3AI score0.00586EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/09/08 10:56 p.m.20 views

CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

2.3CVSS0.00586EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35097

Name of the Vulnerable Software and Affected Versions: FormCms version 0.5.5 Description: FormCms version 0.5.5 contains a stored cross-site scripting XSS vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible v...

6.9CVSS5.2AI score0.00198EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2025/07/31 12:0 a.m.3 views

CVE-2025-50848

A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious...

6.1CVSS6.3AI score0.0022EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.7 views

PT-2025-31558 · Cs Cart · Cs-Cart

Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: A file upload vulnerability exists that allows attackers to execute arbitrary code. The software allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This...

6.1CVSS6AI score0.0022EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 8:38 a.m.7 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

5.4CVSS7.2AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.5 views

CVE-2024-10101

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4CVSS5.1AI score0.00323EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.13 views

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

5.4CVSS5.8AI score0.00414EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 p.m.7 views

CVE-2020-29071

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving...

9CVSS6AI score0.01639EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.7 views

CVE-2020-20670

An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file...

8.8CVSS7.6AI score0.01747EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.9 views

CVE-2019-15614

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

5.4CVSS5.6AI score0.00783EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:49 p.m.10 views

CVE-2005-2055

RealPlayer 8, 10, 10.5 6.0.12.1040-1069, and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers"...

5CVSS7AI score0.00905EPSS
Exploits0References1
Rows per page
Query Builder