Lucene search
+L

936 matches found

NVD
NVD
added 2026/01/05 6:16 a.m.15 views

CVE-2025-14124

The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS0.0156EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/30 9:30 p.m.6 views

EUVD-2025-205838

A Stored Cross-Site Scripting XSS vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...

4.8AI score0.00261EPSS
Exploits1References3
Snyk
Snyk
added 2025/12/30 7:41 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the XML file upload. An attacker can execute arbitrary JavaScript in the context of an administrator's browser session by uploading a crafted XML file containing malicious code, which is rendered without...

5.4CVSS5.5AI score0.00981EPSS
Exploits2References2
Veracode
Veracode
added 2025/12/23 3:11 p.m.9 views

Cross-site Scripting (XSS)

OWASP Java HTML Sanitizer is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization when HtmlPolicyBuilder permits noscript and style tags with allowTextIn, which allows an attacker to craft malicious CSS or HTML payloads that bypass the defined policy and execu...

8.6CVSS6.9AI score0.00231EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 12:37 p.m.8 views

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

5.6AI score0.00232EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 7:43 a.m.8 views

Cross-Site Scripting (XSS)

spotipy is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization of the error parameter in the OAuth callback server, which allows an attacker to inject and execute arbitrary JavaScript in the user's browser during OAuth authentication...

3.6CVSS6AI score0.00141EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/12/13 6:37 a.m.19 views

Cross Site Scripting (XSS)

getgrav/grav is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of...

6.1CVSS5.9AI score0.00191EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/12/13 6:0 a.m.20 views

SQL Injection

nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicsid parameter in modules/news/admin/addtotopics.php, which allows an attacker to execute malicious SQL queries through crafted input...

9.8CVSS7.4AI score0.01583EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/12/13 5:8 a.m.24 views

SQL Injection

io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...

9.8CVSS7.6AI score0.00977EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/04 5:59 p.m.3 views

CVE-2025-9127 PX Enterprise Improper Sanitization Vulnerability

A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions...

8.4CVSS6.2AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 5:59 p.m.16 views

CVE-2025-9127

CVE-2025-9127 affects PX Enterprise. Multiple connected reports identify a vulnerability where sensitive information may be logged under certain conditions. From the sources, the affected product is PX Enterprise, with local access (CVSSv3.1: AV=L, AC:L, PR:L, UI:N; confidentiality impact HIGH; i...

8.4CVSS6.2AI score0.00112EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/04 5:59 p.m.28 views

CVE-2025-9127 PX Enterprise Improper Sanitization Vulnerability

A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions...

8.4CVSS0.00112EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/04 6:2 a.m.8 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.mentions.web are vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in name-related text fields, which allows an attacker to inject malicious scripts that execute in various widgets or apps such as comments,...

5.4CVSS6.2AI score0.00205EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/12/03 12:49 a.m.9 views

Credential Disclosure

Grype is vulnerable to credential disclosure. The vulnerability is due to improper sanitization of registry credentials in output files generated using the --file or --output json= options, which allows an attacker to obtain exposed registry credentials from the generated output files...

8.2CVSS5.8AI score0.00133EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2025/12/01 9:14 a.m.6 views

Cross-site Scripting (XSS)

mailgen is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in the generatePlaintext method, which fails to remove HTML tags provided as encoded entities, allowing an attacker to inject malicious HTML or JavaScript that can execute when the resulting...

6.3CVSS6.7AI score0.00395EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/11/27 5:15 p.m.7 views

CVE-2025-12559

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

4.3CVSS0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/19 5:45 a.m.3 views

CVE-2025-12710 Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode

The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS4.7AI score0.00224EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/07 12:0 a.m.13 views

CVE-2025-63714

Cross-Site Scripting XSS vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...

0.00259EPSS
Exploits1References2
Veracode
Veracode
added 2025/11/05 12:27 p.m.7 views

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintextemail retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...

6.9CVSS6.9AI score0.00409EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.12 views

PT-2025-44771

Name of the Vulnerable Software and Affected Versions Simple User Management System with PHP-MySQL version 1.0 Description The Simple User Management System with PHP-MySQL fails to properly sanitize user input in the Profile Section, allowing attackers to inject and execute arbitrary JavaScript...

4.6CVSS5.9AI score0.00195EPSS
Exploits1References3
Rows per page
Query Builder